7.8

CVE-2023-53544

cpufreq: davinci: Fix clk use after free

In the Linux kernel, the following vulnerability has been resolved:

cpufreq: davinci: Fix clk use after free

The remove function first frees the clks and only then calls
cpufreq_unregister_driver(). If one of the cpufreq callbacks is called
just before cpufreq_unregister_driver() is run, the freed clks might be
used.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.33 < 4.14.308
LinuxLinux Kernel Version >= 4.15 < 6.1.16
LinuxLinux Kernel Version >= 6.2 < 6.2.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.046
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/66b3bbe6fbd8dd410868e5b53ac3944a934b9310
Patch
https://git.kernel.org/stable/c/a5f024d0e6f91e05c816ad4ee8837173369dd5cb
Patch
https://git.kernel.org/stable/c/ab05ae4ab831f64bbc427592c86f599ed9c4324f
Patch
https://git.kernel.org/stable/c/5d8f384a9b4fc50f6a18405f1c08e5a87a77b5b3
Patch