CVE-2023-53854

EPSS 0.02%
Veröffentlicht 09.12.2025 01:30:19
Zuletzt bearbeitet 09.12.2025 18:37:13
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

ASoC: mediatek: mt8186: Fix use-after-free in driver remove path

When devm runs function in the "remove" path for a device it runs them
in the reverse order. That means that if you have parts of your driver
that aren't using devm or are using "roll your own" devm w/
devm_add_action_or_reset() you need to keep that in mind.

The mt8186 audio driver didn't quite get this right. Specifically, in
mt8186_init_clock() it called mt8186_audsys_clk_register() and then
went on to call a bunch of other devm function. The caller of
mt8186_init_clock() used devm_add_action_or_reset() to call
mt8186_deinit_clock() but, because of the intervening devm functions,
the order was wrong.

Specifically at probe time, the order was:
1. mt8186_audsys_clk_register()
2. afe_priv->clk = devm_kcalloc(...)
3. afe_priv->clk[i] = devm_clk_get(...)

At remove time, the order (which should have been 3, 2, 1) was:
1. mt8186_audsys_clk_unregister()
3. Free all of afe_priv->clk[i]
2. Free afe_priv->clk

The above seemed to be causing a use-after-free. Luckily, it's easy to
fix this by simply using devm more correctly. Let's move the
devm_add_action_or_reset() to the right place. In addition to fixing
the use-after-free, code inspection shows that this fixes a leak
(missing call to mt8186_audsys_clk_unregister()) that would have
happened if any of the syscon_regmap_lookup_by_phandle() calls in
mt8186_init_clock() had failed.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 3e56a1c04882852e3e7d6c59756a16211ebbc457

Version 55b423d5623ccd6785429431c2cf5f3e073b73ba

Status affected

Version < dffd9e2b57cb845930fa885aa634a847ba2130dd

Version 55b423d5623ccd6785429431c2cf5f3e073b73ba

Status affected

Version < a93d2afd3f77a7331271a0f25c6a11003db69b3c

Version 55b423d5623ccd6785429431c2cf5f3e073b73ba

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.0

Status affected

Version < 6.0

Version 0

Status unaffected

Version <= 6.1.*

Version 6.1.30

Status unaffected

Version <= 6.3.*

Version 6.3.4

Status unaffected

Version <= *

Version 6.4

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.031

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/3e56a1c04882852e3e7d6c59756a16211ebbc457

https://git.kernel.org/stable/c/dffd9e2b57cb845930fa885aa634a847ba2130dd

https://git.kernel.org/stable/c/a93d2afd3f77a7331271a0f25c6a11003db69b3c

https://nvd.nist.gov/vuln/detail/CVE-2023-53854

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53854

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53854

EUVD