CVE-2023-52847
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
21/05/2024
Last modified:
21/05/2024
Description
In the Linux kernel, the following vulnerability has been resolved:

media: bttv: fix use after free error due to btv->timeout timer

There may be a race condition between the timer function
bttv_irq_timeout and bttv_remove. The timer is set up in
probe and there is no timer_delete operation in the remove
function. When it hits kfree btv, the function might still be
invoked, which will cause a use-after-free bug.

This bug is found by static analysis; it may be a false positive.

Fix it by adding a del_timer_sync invocation to the remove function.

cpu0                    cpu1
bttv_probe
  ->timer_setup
    ->bttv_set_dma
      ->mod_timer;
bttv_remove
  ->kfree(btv);
                        ->bttv_irq_timeout
                          ->USE btv
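
A heuristic source check for the pattern described above, as an added example that is not part of the advisory or the kernel patch: it flags any function that calls kfree() on the owner of a timer armed with timer_setup without first calling del_timer_sync (or the newer timer_delete_sync / timer_shutdown_sync) on that timer. The C sample is constructed and heavily reduced, not the real bttv source, and the check assumes the owner pointer has the same local name in every function.

```python
import re

# Kernel calls that delete a timer and also wait for a running callback to finish.
SYNC_DELETE = ("del_timer_sync", "timer_delete_sync", "timer_shutdown_sync")
# Top-level C function: name, parameter list, body up to a closing brace in column 0.
FUNC_RE = re.compile(r"^\w[\w\s*]*?\b(\w+)\s*\([^;{]*\)\s*\{(.*?)^\}", re.M | re.S)
SETUP_RE = re.compile(r"timer_setup\s*\(\s*&\s*(\w+)\s*->\s*(\w+)")

def unsynced_timers(src):
    """Return sorted (timer_field, function) pairs where the function kfree()s
    the timer's owner without a synchronous timer delete earlier in its body."""
    funcs = {m.group(1): m.group(2) for m in FUNC_RE.finditer(src)}
    timers = {m.groups() for b in funcs.values() for m in SETUP_RE.finditer(b)}
    findings = []
    for name, body in funcs.items():
        for owner, field in timers:
            # Assumption: the owner keeps the same local variable name everywhere.
            free = re.search(r"\bkfree\s*\(\s*%s\s*\)" % re.escape(owner), body)
            if not free:
                continue
            delete = r"\b(?:%s)\s*\(\s*&\s*%s\s*->\s*%s\b" % (
                "|".join(SYNC_DELETE), re.escape(owner), re.escape(field))
            # Only a delete that appears before the kfree() counts.
            if not re.search(delete, body[:free.start()]):
                findings.append((field, name))
    return sorted(findings)

# Constructed, heavily reduced sample using the names from the description;
# the function bodies are placeholders, not the driver's code.
BEFORE = """
static void bttv_irq_timeout(struct timer_list *t)
{
    struct bttv *btv = from_timer(btv, t, timeout);
    btv->errors++;
}
static int bttv_probe(struct pci_dev *dev)
{
    struct bttv *btv = kzalloc(sizeof(*btv), GFP_KERNEL);
    timer_setup(&btv->timeout, bttv_irq_timeout, 0);
    return 0;
}
static void bttv_remove(struct pci_dev *dev)
{
    struct bttv *btv = pci_get_drvdata(dev);
    kfree(btv);
}
"""
AFTER = BEFORE.replace("    kfree(", "    del_timer_sync(&btv->timeout);\n    kfree(")

if __name__ == "__main__":
    print("before fix:", unsynced_timers(BEFORE))
    print("after fix: ", unsynced_timers(AFTER))
```

A hit is a lead for manual review rather than proof of a bug: a kfree() on a probe error path would also be flagged, and a timer deleted in a helper function would not be seen.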
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/1871014d6ef4812ad11ef7d838d73ce09d632267
- https://git.kernel.org/stable/c/20568d06f6069cb835e05eed432edf962645d226
- https://git.kernel.org/stable/c/2f3d9198cdae1cb079ec8652f4defacd481eab2b
- https://git.kernel.org/stable/c/51c94256a83fe4e17406c66ff3e1ad7d242d8574
- https://git.kernel.org/stable/c/847599fffa528b2cdec4e21b6bf7586dad982132
- https://git.kernel.org/stable/c/b35fdade92c5058a5e727e233fe263b828de2c9a
- https://git.kernel.org/stable/c/bbc3b8dd2cb7817e703f112d988e4f4728f0f2a9
- https://git.kernel.org/stable/c/bd5b50b329e850d467e7bcc07b2b6bde3752fbda



