
CVE-2023-52475: Vulnerability in Linux Linux

Medium
Published: Thu Feb 29 2024 (02/29/2024, 05:43:08 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

Input: powermate - fix use-after-free in powermate_config_complete

syzbot has found a use-after-free bug [1] in the powermate driver. This happens when the device is disconnected, which leads to a memory free from the powermate_device struct. When an asynchronous control message completes after the kfree and its callback is invoked, the lock does not exist anymore and hence the bug.

Use usb_kill_urb() on pm->config to cancel any in-progress requests upon device disconnection.

[1] https://syzkaller.appspot.com/bug?extid=0434ac83f907a1dbdd1e

AI-Powered Analysis

Last updated: 07/01/2025, 09:26:54 UTC

Technical Analysis

CVE-2023-52475 is a use-after-free vulnerability identified in the Linux kernel's powermate driver, which handles input devices such as the Griffin PowerMate USB controller. The flaw occurs when the device is disconnected: the powermate_device structure is freed (kfree), but asynchronous control messages that were in progress may still complete and invoke callbacks referencing the now-freed memory. Specifically, the lock associated with the device no longer exists when the callback executes, leading to a use-after-free condition. This can cause undefined behavior including kernel crashes, memory corruption, or potentially privilege escalation if exploited. The root cause is the failure to cancel in-progress USB requests upon device disconnection. The fix involves calling usb_kill_urb() on the device's config URB to ensure all pending requests are terminated before freeing the device structure, preventing callbacks from accessing freed memory. This vulnerability was discovered via syzbot, an automated kernel fuzzing tool, and affects certain Linux kernel versions identified by specific commit hashes. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
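The disconnect ordering described above, as an added userspace C model (not kernel code, and not taken from the advisory or the upstream patch). The names `model_urb`, `model_dev`, `finish` and `simulate_disconnect` are hypothetical, and a `freed` flag stands in for kfree() so the program never touches freed memory.

```c
/* Added userspace model; struct and function names are illustrative, not kernel code. */
#include <stdio.h>
#include <string.h>

struct model_urb {
    void (*complete)(struct model_urb *);  /* completion callback */
    void *context;                         /* owning device state */
    int in_flight;                         /* 1 while a request is pending */
};
struct model_dev {
    int freed;                /* set by model_kfree(), stands in for kfree() */
    int lock;                 /* stands in for the lock stored in the struct */
    struct model_urb config;  /* the asynchronous control-message URB */
};
static int stale_calls, live_calls;  /* callbacks on freed vs. live state */

static void config_complete(struct model_urb *urb)
{
    struct model_dev *pm = urb->context;
    if (pm->freed) { stale_calls++; return; }  /* the kernel's use-after-free */
    pm->lock++;                                /* lock taken on live memory */
    live_calls++;
}
/* Run the completion callback once if the request is still pending. */
static void finish(struct model_urb *urb)
{
    if (urb->in_flight) { urb->in_flight = 0; urb->complete(urb); }
}
static void model_kfree(struct model_dev *pm) { pm->freed = 1; }

/* Disconnect path; returns the number of callbacks that ran on freed state. */
int simulate_disconnect(int kill_config_urb)
{
    static struct model_dev pm;  /* static storage, so the model has no real UAF */
    memset(&pm, 0, sizeof pm);
    pm.config.complete = config_complete;
    pm.config.context = &pm;
    pm.config.in_flight = 1;     /* control message submitted */
    stale_calls = live_calls = 0;
    if (kill_config_urb)
        finish(&pm.config);      /* like usb_kill_urb(): done while pm is live */
    model_kfree(&pm);            /* disconnect frees the device struct */
    finish(&pm.config);          /* late completion, if one is still pending */
    return stale_calls;
}
int main(void)
{
    printf("stale callbacks: no kill=%d, kill=%d\n", simulate_disconnect(0), simulate_disconnect(1));
    return 0;
}
```

In the model, cancelling first makes the callback run once while the device state is still valid, so nothing is left pending when the struct is released.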

Potential Impact

For European organizations, the impact of this vulnerability depends on the deployment of Linux systems using the powermate driver, typically in environments where Griffin PowerMate or similar USB input devices are used. Exploitation could lead to kernel crashes causing denial of service, or potentially allow local attackers to execute arbitrary code with kernel privileges if they can trigger the use-after-free condition. This could compromise system confidentiality, integrity, and availability. Organizations relying on Linux servers, workstations, or embedded devices with this driver are at risk, especially if untrusted users have physical or logical access to connect/disconnect USB devices. Critical infrastructure, research institutions, and enterprises with Linux-based systems in Europe could face operational disruptions or data breaches if exploited. However, the lack of known exploits and the requirement for device interaction limit immediate widespread risk.

Mitigation Recommendations

European organizations should promptly update their Linux kernels to versions where this vulnerability is patched. If immediate patching is not feasible, administrators should restrict physical and logical access to USB ports to trusted users only, minimizing the risk of malicious device disconnection or connection. Implement USB device whitelisting and disable unused USB ports where possible. Monitoring kernel logs for unusual powermate driver errors or crashes can help detect exploitation attempts. For environments using custom or embedded Linux builds, ensure the powermate driver is updated or disabled if not required. Additionally, security teams should review USB device management policies and consider endpoint protection solutions that monitor kernel-level anomalies. Regular vulnerability scanning and kernel fuzzing can help identify similar issues proactively.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-02-20T12:30:33.298Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9831c4522896dcbe7a8c

Added to database: 5/21/2025, 9:09:05 AM

Last enriched: 7/1/2025, 9:26:54 AM

Last updated: 7/30/2025, 10:42:57 AM
