CVE-2023-53636

EPSS 0.02%
Veröffentlicht 07.10.2025 15:19:37
Zuletzt bearbeitet 03.02.2026 22:30:21
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

clk: microchip: fix potential UAF in auxdev release callback

In the Linux kernel, the following vulnerability has been resolved:

clk: microchip: fix potential UAF in auxdev release callback

Similar to commit 1c11289b34ab ("peci: cpu: Fix use-after-free in
adev_release()"), the auxiliary device is not torn down in the correct
order. If auxiliary_device_add() fails, the release callback will be
called twice, resulting in a UAF. Due to timing, the auxdev code in this
driver "took inspiration" from the aforementioned commit, and thus its
bugs too!

Moving auxiliary_device_uninit() to the unregister callback instead
avoids the issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

NVD 3 VulnDex Vulnerability Enrichment 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.1 < 6.1.28

Linux ≫ Linux Kernel Version >= 6.2 < 6.2.15

Linux ≫ Linux Kernel Version >= 6.3 < 6.3.2

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.048

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/5b4052aa956e11bcd19e50ca559eb38dcb46201b

Patch

https://git.kernel.org/stable/c/d7d6dacf39ed102d7667721ca1700022c9c8b11a

Patch

https://git.kernel.org/stable/c/934406b2d42eaf3fc57f5546cc68ff7ab9680bb3

Patch

https://git.kernel.org/stable/c/7455b7007b9e93bcc2bc9c1c6c73a228e3152069

Patch

https://nvd.nist.gov/vuln/detail/CVE-2023-53636

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53636

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53636

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-53636