CVE-2023-52584

EPSS 0.05%
Published 06.03.2024 07:15:07
Last modified 14.03.2025 18:58:42
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

spmi: mediatek: Fix UAF on device remove

The pmif driver data that contains the clocks is allocated along with
spmi_controller.
On device remove, spmi_controller will be freed first, and then devres
, including the clocks, will be cleanup.
This leads to UAF because putting the clocks will access the clocks in
the pmif driver data, which is already freed along with spmi_controller.

This can be reproduced by enabling DEBUG_TEST_DRIVER_REMOVE and
building the kernel with KASAN.

Fix the UAF issue by using unmanaged clk_bulk_get() and putting the
clocks before freeing spmi_controller.

Affected products Warnungen 0 Metrics 2 CWE 1 References 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 6.1.77

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.16

Linux ≫ Linux Kernel Version >= 6.7 < 6.7.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.142

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0	3.8	1.2	2.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/521f28eedd6b14228c46e3b81e3bf9b90c2818d8

Patch

https://git.kernel.org/stable/c/9a3881b1f07db1bb55cb0108e6f05cfd027eaf2e

Patch

https://git.kernel.org/stable/c/e821d50ab5b956ed0effa49faaf29912fd4106d9

Patch

https://git.kernel.org/stable/c/f8dcafcb54632536684336161da8bdd52120f95e

Patch

https://nvd.nist.gov/vuln/detail/CVE-2023-52584

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-52584

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-52584

EUVD