Use After Free Vulnerability in Linux Kernel Affecting mptlan Driver
CVE-2023-54310

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 30 December 2025

What is CVE-2023-54310?

The Linux kernel's mptlan driver contains a use-after-free vulnerability caused by a race condition in the mptlan_remove() function. The issue arises when the driver is unloaded while a work item on its work queue is still being processed. mptlan_probe() initializes the work queue, and mpt_lan_wake_post_buckets_task() starts processing it. If the driver is removed concurrently, the device's memory can be freed while the work item still references it, allowing attackers to exploit this condition to manipulate system operations. The fix ensures that all work items have completed before the device is cleaned up, so that no work item can access freed memory.
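The ordering problem described above can be replayed deterministically in userspace. The following is an added example, not code from the kernel or from this advisory: it is a single-threaded model in which a flag stands in for freed memory, and every name in it (lan_dev, remove_racy, remove_fixed, simulate_unload and the rest) is hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model of the teardown race; every name here is hypothetical. */
struct lan_dev {
    bool freed;          /* stands in for the device memory being freed */
    bool work_pending;   /* a work item is queued against this device */
    int  stale_accesses; /* handler runs that touched a freed device */
};

/* Work handler: a real handler would dereference the device here. */
static void post_buckets_work(struct lan_dev *d)
{
    if (d->freed)
        d->stale_accesses++;   /* in a kernel this is the use-after-free */
}

/* One scheduling step of the worker: run the queued item, if any. */
static void worker_run(struct lan_dev *d)
{
    if (d->work_pending) {
        d->work_pending = false;
        post_buckets_work(d);
    }
}

static void wake_post_buckets(struct lan_dev *d) { d->work_pending = true; }

/* Racy teardown: frees the device while work may still be queued. */
static void remove_racy(struct lan_dev *d) { d->freed = true; }

/* Fixed teardown: let outstanding work finish first, then free. */
static void remove_fixed(struct lan_dev *d)
{
    worker_run(d);       /* models waiting for the work item to complete */
    d->freed = true;
}

/* Replays: queue work -> remove -> worker scheduled. Returns stale accesses. */
int simulate_unload(bool fixed)
{
    struct lan_dev d = {0};
    wake_post_buckets(&d);
    if (fixed) remove_fixed(&d); else remove_racy(&d);
    worker_run(&d);      /* worker gets CPU time after remove has returned */
    return d.stale_accesses;
}

int main(void) { printf("racy=%d fixed=%d\n", simulate_unload(false), simulate_unload(true)); return 0; }
```

In kernel code the "wait for outstanding work" step is done with the workqueue API's synchronous cancel or flush helpers, called before the structure that embeds the work item is freed.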

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 92f869693d84e813895ff4d25363744575515423

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 60c8645ad6f5b722615383d595d63b62b07a13c3

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 410e610a96c52a7b41e2ab6c9ca60868d9acecce

Timeline

  • Vulnerability published

  • Vulnerability Reserved
