In the Linux kernel, the following vulnerability has been resolved:
ieee802154: ca8210: Fix a potential UAF in ca8210_probe
If of_clk_add_provider() fails in ca8210_register_ext_clock(),
it calls clk_unregister() to release priv->clk and returns an
error. However, the caller ca8210_probe() then calls ca8210_remove(),
where priv->clk is freed again in ca8210_unregister_ext_clock(). In
this case, a use-after-free may happen in the second time we call
clk_unregister().
Fix this by removing the first clk_unregister(). Also, priv->clk could
be an error code on failure of clk_register_fixed_rate(). Use
IS_ERR_OR_NULL to catch this case in ca8210_unregister_ext_clock().
References
Configurations
Configuration 1 (hide)
|
History
11 Dec 2024, 15:11
Type | Values Removed | Values Added |
---|---|---|
First Time |
Linux
Linux linux Kernel |
|
CWE | CWE-416 | |
References | () https://git.kernel.org/stable/c/217efe32a45249eb07dcd7197e8403de98345e66 - Patch | |
References | () https://git.kernel.org/stable/c/28b68cba378e3e50a4082b65f262bc4f2c7c2add - Patch | |
References | () https://git.kernel.org/stable/c/55e06850c7894f00d41b767c5f5665459f83f58f - Patch | |
References | () https://git.kernel.org/stable/c/84c6aa0ae5c4dc121f9996bb8fed46c80909d80e - Patch | |
References | () https://git.kernel.org/stable/c/85c2857ef90041f567ce98722c1c342c4d31f4bc - Patch | |
References | () https://git.kernel.org/stable/c/becf5c147198f4345243c5df0c4f035415491640 - Patch | |
References | () https://git.kernel.org/stable/c/cdb46be93c1f7bbf2c4649e9fc5fb147cfb5245d - Patch | |
References | () https://git.kernel.org/stable/c/f990874b1c98fe8e57ee9385669f501822979258 - Patch | |
CPE | cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.6:rc5:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
21 Nov 2024, 08:39
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References | () https://git.kernel.org/stable/c/217efe32a45249eb07dcd7197e8403de98345e66 - | |
References | () https://git.kernel.org/stable/c/28b68cba378e3e50a4082b65f262bc4f2c7c2add - | |
References | () https://git.kernel.org/stable/c/55e06850c7894f00d41b767c5f5665459f83f58f - | |
References | () https://git.kernel.org/stable/c/84c6aa0ae5c4dc121f9996bb8fed46c80909d80e - | |
References | () https://git.kernel.org/stable/c/85c2857ef90041f567ce98722c1c342c4d31f4bc - | |
References | () https://git.kernel.org/stable/c/becf5c147198f4345243c5df0c4f035415491640 - | |
References | () https://git.kernel.org/stable/c/cdb46be93c1f7bbf2c4649e9fc5fb147cfb5245d - | |
References | () https://git.kernel.org/stable/c/f990874b1c98fe8e57ee9385669f501822979258 - |
02 Mar 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-03-02 22:15
Updated : 2024-12-11 15:11
NVD link : CVE-2023-52510
Mitre link : CVE-2023-52510
CVE.ORG link : CVE-2023-52510
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-416
Use After Free