CVE-2023-52859

EPSS 0.02%
Veröffentlicht 21.05.2024 16:15:22
Zuletzt bearbeitet 14.01.2025 17:32:34
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

perf: hisi: Fix use-after-free when register pmu fails

When we fail to register the uncore pmu, the pmu context may not been
allocated. The error handing will call cpuhp_state_remove_instance()
to call uncore pmu offline callback, which migrate the pmu context.
Since that's liable to lead to some kind of use-after-free.

Use cpuhp_state_remove_instance_nocalls() instead of
cpuhp_state_remove_instance() so that the notifiers don't execute after
the PMU device has been failed to register.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.13 < 5.15.139

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.63

Linux ≫ Linux Kernel Version >= 6.2 < 6.5.12

Linux ≫ Linux Kernel Version >= 6.6 < 6.6.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.03

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/0e1e88bba286621b886218363de07b319d6208b2

Patch

https://git.kernel.org/stable/c/3405f364f82d4f5407a8b4c519dc15d24b847fda

Patch

https://git.kernel.org/stable/c/75bab28ffd05ec8879c197890b1bd1dfec8d3f63

Patch

https://git.kernel.org/stable/c/b660420f449d094b1fabfa504889810b3a63cdd5

Patch

https://git.kernel.org/stable/c/b805cafc604bfdb671fae7347a57f51154afa735

Patch

https://nvd.nist.gov/vuln/detail/CVE-2023-52859

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-52859

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-52859

EUVD