7.8

CVE-2023-52688

EPSS 0.01%
Published 17.05.2024 15:15:19
Last modified 19.09.2025 18:46:21
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: fix the error handler of rfkill config

When the core rfkill config throws error, it should free the
allocated resources. Currently it is not freeing the core pdev
create resources. Avoid this issue by calling the core pdev
destroy in the error handler of core rfkill config.

Found this issue in the code review and it is compile tested only.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.7 < 6.7.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.013

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-415 Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

https://git.kernel.org/stable/c/898d8b3e1414cd900492ee6a0b582f8095ba4a1a

Patch

https://git.kernel.org/stable/c/b4e593a7a22fa3c7d0550ef51c90b5c21f790aa8

Patch

https://nvd.nist.gov/vuln/detail/CVE-2023-52688

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-52688

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-52688

EUVD