7.8

CVE-2023-52510

ieee802154: ca8210: Fix a potential UAF in ca8210_probe

In the Linux kernel, the following vulnerability has been resolved:

ieee802154: ca8210: Fix a potential UAF in ca8210_probe

If of_clk_add_provider() fails in ca8210_register_ext_clock(),
it calls clk_unregister() to release priv->clk and returns an
error. However, the caller ca8210_probe() then calls ca8210_remove(),
where priv->clk is freed again in ca8210_unregister_ext_clock(). In
this case, a use-after-free may happen in the second time we call
clk_unregister().

Fix this by removing the first clk_unregister(). Also, priv->clk could
be an error code on failure of clk_register_fixed_rate(). Use
IS_ERR_OR_NULL to catch this case in ca8210_unregister_ext_clock().
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.12 < 4.14.328
LinuxLinux Kernel Version >= 4.15 < 4.19.297
LinuxLinux Kernel Version >= 4.20 < 5.4.259
LinuxLinux Kernel Version >= 5.5 < 5.10.199
LinuxLinux Kernel Version >= 5.11 < 5.15.136
LinuxLinux Kernel Version >= 5.16 < 6.1.59
LinuxLinux Kernel Version >= 6.2 < 6.5.8
LinuxLinux Kernel Version6.6 Updaterc1
LinuxLinux Kernel Version6.6 Updaterc2
LinuxLinux Kernel Version6.6 Updaterc3
LinuxLinux Kernel Version6.6 Updaterc4
LinuxLinux Kernel Version6.6 Updaterc5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.151
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/217efe32a45249eb07dcd7197e8403de98345e66
Patch
https://git.kernel.org/stable/c/28b68cba378e3e50a4082b65f262bc4f2c7c2add
Patch
https://git.kernel.org/stable/c/55e06850c7894f00d41b767c5f5665459f83f58f
Patch
https://git.kernel.org/stable/c/84c6aa0ae5c4dc121f9996bb8fed46c80909d80e
Patch
https://git.kernel.org/stable/c/85c2857ef90041f567ce98722c1c342c4d31f4bc
Patch
https://git.kernel.org/stable/c/becf5c147198f4345243c5df0c4f035415491640
Patch
https://git.kernel.org/stable/c/cdb46be93c1f7bbf2c4649e9fc5fb147cfb5245d
Patch
https://git.kernel.org/stable/c/f990874b1c98fe8e57ee9385669f501822979258
Patch