Security Vulnerability - Action Required: Use After Free vulnerability may in your project #802
Description
Hi,
we have detected that your project may be vulnerable to Use After Free in the function of ene_remove in the file of trunk/linux-3.4.x/drivers/media/rc/ene_ir.c . It shares similarities to a recent CVE disclosure CVE-2023-1118 in the linux.
The source vulnerability information is as follows:
Vulnerability Detail:
CVE Identifier: CVE-2023-1118
Description: A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-1118
Patch: torvalds/linux@29b0589
Would you help to check if this bug is true? If it's true, I'd like to open a PR for that if necessary. Thank you for your effort and patience!