CVE-2023-7152 | MicroPython 1.21.0/1.22.0-preview extmod/modselect.c poll_set_add_fd use after free

Posted by Angelo Barbosa | Dec 28, 2023 | CVE

A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-preview. Affected by this issue is the function poll_set_add_fd of the file extmod/modselect.c. The manipulation leads to use after free.

This vulnerability is handled as CVE-2023-7152. The attack needs to be approached within the local network. Furthermore, there is an exploit available.

It is recommended to apply a patch to fix this issue.

CVE-2023-7152 | MicroPython 1.21.0/1.22.0-preview extmod/modselect.c poll_set_add_fd use after free

Related Posts

CVE-2023-52450 | Linux Kernel up to 6.1/6.6.13/6.7.1 on x86 uncore upi_fill_topology null pointer dereference (3d6f4a78b104/1692cf434ba1/bf1bf09e6b59)

CVE-2024-8356 | Visteon Infotainment VIP MCU Local Privilege Escalation (ZDI-24-1188)

CVE-2024-32672 | Samsung Escargot 4.0.0 memory corruption

CVE-2024-8689 | Palo Alto Networks ActiveMQ Content Pack up to 1.1.14 cleartext storage