CVE-2023-52584

LOW EPSS 42.5%
Published Mar 6, 2024 (2y ago) · Modified Jun 17, 2026 (2w ago)
3.8 CVSS 3.1
Low

Description

In the Linux kernel, the following vulnerability has been resolved:

spmi: mediatek: Fix UAF on device remove

The pmif driver data that contains the clocks is allocated along with spmi_controller. On device remove, spmi_controller will be freed first, and then devres, including the clocks, will be cleaned up. This leads to UAF because putting the clocks will access the clocks in the pmif driver data, which is already freed along with spmi_controller.

This can be reproduced by enabling DEBUG_TEST_DRIVER_REMOVE and building the kernel with KASAN.

Fix the UAF issue by using unmanaged clk_bulk_get() and putting the clocks before freeing spmi_controller.
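
The teardown ordering described above, as an added userspace model in C (not the kernel driver's code; every name in it is hypothetical). A `freed` flag stands in for the controller allocation, so the stale access is counted rather than performed, at the point where KASAN would report it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define NCLK 2

/* Hypothetical model: the clock state lives inside the controller
 * allocation, as the pmif driver data does with spmi_controller. */
struct ctrl { bool freed; int clk_refs[NCLK]; };

struct dev;
typedef void (*action_fn)(struct dev *);
struct dev { struct ctrl *ctrl; action_fn devres[4]; size_t n; int stale; };

/* Putting the clocks reads driver data; count the access if it is stale. */
static void clk_put_all(struct dev *d) {
    if (d->ctrl->freed) { d->stale++; return; }  /* KASAN would report here */
    for (int i = 0; i < NCLK; i++) d->ctrl->clk_refs[i]--;
}

static void ctrl_free(struct dev *d) { d->ctrl->freed = true; }

/* Managed resources are released after remove() has returned. */
static void devres_release_all(struct dev *d) {
    while (d->n) d->devres[--d->n](d);
}

/* Runs probe then remove; returns the number of stale accesses. */
static int probe_remove(bool managed) {
    struct ctrl c = { .freed = false, .clk_refs = {1, 1} };
    struct dev d = { .ctrl = &c };
    if (managed) d.devres[d.n++] = clk_put_all;  /* managed get */
    if (!managed) clk_put_all(&d);  /* fix: put clocks before the free */
    ctrl_free(&d);                  /* remove(): controller freed */
    devres_release_all(&d);
    return d.stale;
}

int remove_managed(void)   { return probe_remove(true); }
int remove_unmanaged(void) { return probe_remove(false); }

int main(void) {
    printf("managed: %d stale, unmanaged: %d stale\n",
           remove_managed(), remove_unmanaged());
    return 0;
}
```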

CVSS Details

Base Score: 3.8
Exploitability: 1.2
Impact: 2.5
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None

Threat Intelligence

EPSS Exploit Probability
42.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 3

Vendor   Product        Version   Range
linux    linux_kernel   *         <6.1.77
linux    linux_kernel   *         ≥6.2 – <6.6.16
linux    linux_kernel   *         ≥6.7 – <6.7.4

References 4

  • git.kernel.org https://git.kernel.org/stable/c/521f28eedd6b14228c46e3b81e3bf9b90c2818d8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9a3881b1f07db1bb55cb0108e6f05cfd027eaf2e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e821d50ab5b956ed0effa49faaf29912fd4106d9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f8dcafcb54632536684336161da8bdd52120f95e
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/521f28eedd6b14228c46e3b81e3bf9b90c2818d8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9a3881b1f07db1bb55cb0108e6f05cfd027eaf2e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e821d50ab5b956ed0effa49faaf29912fd4106d9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f8dcafcb54632536684336161da8bdd52120f95e
    Patch