CVE-2023-35826

7.0 HIGH

📋 TL;DR

A use-after-free vulnerability in the Linux kernel's cedrus video decoder driver allows local attackers to potentially escalate privileges or cause denial of service. This affects Linux systems using the sunxi/cedrus driver for Allwinner SoC hardware acceleration. Only systems with this specific driver loaded are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel
Versions: All versions before 6.3.2
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if cedrus driver (CONFIG_VIDEO_SUNXI_CEDRUS) is compiled and loaded, typically on systems with Allwinner SoCs (like Orange Pi, Banana Pi).

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Local privilege escalation to root, allowing complete system compromise and potential kernel panic/crash.

🟠 Likely Case: Local denial of service through kernel panic or system instability, requiring a physical/hard reboot.

🟢 If Mitigated: Limited impact if the driver is not loaded or the system does not use Allwinner hardware acceleration.

🌐 Internet-Facing: LOW - Requires local access to exploit, not remotely exploitable.
🏢 Internal Only: MEDIUM - Local attackers with shell access could exploit for privilege escalation or DoS.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of driver interaction. No public exploits known as of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel 6.3.2 and later

Vendor Advisory: https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2

Restart Required: Yes

Instructions:

1. Update kernel to 6.3.2 or later via distribution package manager.
2. For custom kernels: apply commit 50d0a7aea4809cef87979d4669911276aa23b71f.
3. Reboot system to load patched kernel.

🔧 Temporary Workarounds

Disable cedrus module

Prevent automatic loading of the vulnerable driver module and unload it if present:

echo 'blacklist sunxi_cedrus' >> /etc/modprobe.d/blacklist-cedrus.conf
rmmod sunxi_cedrus

Note that a blacklist entry only stops alias-based autoloading (e.g. by udev); an explicit modprobe still succeeds, and rmmod fails while the module is in use (a process holding the video device open).

Kernel module restriction

Restrict module loading to prevent driver activation; unlike blacklist, an install override also blocks an explicit modprobe:

echo 'install sunxi_cedrus /bin/false' >> /etc/modprobe.d/disable-cedrus.conf

🧯 If You Can't Patch

  • Restrict local user access to systems with cedrus driver loaded
  • Implement strict SELinux/AppArmor policies to limit driver interaction

🔍 How to Verify

Check if Vulnerable:

Check kernel version: uname -r and verify it is below 6.3.2.
Check if the cedrus module is loaded: lsmod | grep -i cedrus

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version >= 6.3.2 with uname -r.
Check that the source tree contains the fix: grep -r '50d0a7aea4809cef87979d4669911276aa23b71f' /usr/src/linux
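The two manual checks above, combined into one script as an added example that is not part of this advisory: it classifies a host from the kernel release string and an lsmod listing. The 6.3.2 cutoff and the sunxi_cedrus module name come from the advisory; the function names and the sample inputs in the comments are my own.

```shell
#!/bin/sh
# Added example: classify a host's exposure to CVE-2023-35826 from the two
# inputs the advisory's manual checks use: the kernel release string (uname -r)
# and an lsmod listing. The 6.3.2 cutoff and the sunxi_cedrus module name come
# from the advisory; the function names are assumptions of this example.
FIXED_VERSION="6.3.2"

# Return 0 when dotted version $1 is strictly lower than $2.
# A non-numeric suffix such as "-rpi7-rpi-v8" or "+" is stripped first;
# missing components are padded with zeros so "6.3" compares as 6.3.0.
version_lt() {
    a="$(printf '%s' "$1" | sed 's/[^0-9.].*$//').0.0.0"
    b="$(printf '%s' "$2" | sed 's/[^0-9.].*$//').0.0.0"
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i"); x=${x:-0}
        y=$(printf '%s' "$b" | cut -d. -f"$i"); y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
    return 1
}

# Return 0 when the cedrus module appears in an lsmod-style listing ($1).
# lsmod prints module names with underscores, so the sunxi-cedrus driver
# shows up as sunxi_cedrus.
cedrus_loaded() {
    printf '%s\n' "$1" | grep -Eq '^sunxi_cedrus[[:space:]]'
}

# Print VULNERABLE, PATCHED or NOT_EXPOSED for kernel release $1 and lsmod
# output $2. A host without the module loaded is not exposed regardless of
# its kernel version.
cedrus_status() {
    if ! cedrus_loaded "$2"; then
        echo NOT_EXPOSED
    elif version_lt "$1" "$FIXED_VERSION"; then
        echo VULNERABLE
    else
        echo PATCHED
    fi
}

# Run against the live host only when asked, so the functions can be sourced.
if [ "${1:-}" = "--live" ]; then
    cedrus_status "$(uname -r)" "$(lsmod)"
fi
```

Run it with --live on the host under review. Distribution kernels may carry the fix backported under a version number below 6.3.2, so treat VULNERABLE as a prompt to check the distribution's own advisory rather than as a final verdict.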

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages in /var/log/kern.log
  • System crashes/reboots without clear cause
  • Failed module loads for sunxi_cedrus

Network Indicators:

  • None - local exploit only

SIEM Query:

source="kern.log" AND ("Oops" OR "general protection fault" OR "use-after-free") AND cedrus
