DescriptionAn issue was discovered in the Linux kernel through 6.2.0-rc2. drivers/tty/vcc.c has a race condition and resultant use-after-free if a physically proximate attacker removes a VCC device while calling open(), aka a race condition between vcc_open() and vcc_remove().
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)bullseye5.10.218-1vulnerable
bullseye (security)5.10.221-1vulnerable
bookworm (security)6.1.99-1vulnerable
sid, trixie6.9.10-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs

CONFIG_VCC depends on CONFIG_SUN_LDOMS, which is SPARC64 only

Search for package or bug name: Reporting problems