CVE-2023-35826: 
CBL Mariner vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2023-35826) was discovered in the Linux kernel before version 6.3.2. The vulnerability exists in the cedrus_remove function in drivers/staging/media/sunxi/cedrus/cedrus.c due to a race condition during device removal (Kernel Git, NVD).

The vulnerability occurs due to a race condition between the cedrus_watchdog function and cedrus_remove. In cedrus_probe, dev->watchdog_work is bound with the cedrus_watchdog function and started by schedule_delayed_work in cedrus_device_run. If there is an unfinished work in cedrus_remove, a race condition can occur leading to use-after-free when accessing m2m_dev after it has been freed. The vulnerability has been assigned a CVSS v3.1 base score of 7.0 (HIGH) with vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

A successful exploitation of this vulnerability could allow a privileged attacker to cause a denial of service (system crash) or possibly execute arbitrary code (Ubuntu Security).

The vulnerability has been fixed in Linux kernel version 6.3.2 by adding cancel_delayed_work_sync() in cedrus_remove to ensure the watchdog worker is properly canceled before cleanup (Kernel Git). Users should upgrade to Linux kernel version 6.3.2 or later to address this vulnerability.