In the Linux kernel, the following vulnerability has been resolved:
spmi: mediatek: Fix UAF on device remove
The pmif driver data that contains the clocks is allocated along with
spmi_controller.
On device remove, spmi_controller will be freed first, and then devres
, including the clocks, will be cleanup.
This leads to UAF because putting the clocks will access the clocks in
the pmif driver data, which is already freed along with spmi_controller.
This can be reproduced by enabling DEBUG_TEST_DRIVER_REMOVE and
building the kernel with KASAN.
Fix the UAF issue by using unmanaged clk_bulk_get() and putting the
clocks before freeing spmi_controller.
Metrics
Affected Vendors & Products
References
History
Mon, 04 Nov 2024 13:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Linux
Linux kernel |
|
CPEs | cpe:2.3:o:linux:kernel:*:*:*:*:*:*:*:* | |
Vendors & Products |
Linux
Linux kernel |
|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: Linux
Published: 2024-03-06T06:45:19.847Z
Updated: 2024-12-19T08:22:05.221Z
Reserved: 2024-03-02T21:55:42.570Z
Link: CVE-2023-52584
Vulnrichment
Updated: 2024-08-02T23:03:21.159Z
NVD
Status : Awaiting Analysis
Published: 2024-03-06T07:15:07.227
Modified: 2024-11-21T08:40:07.433
Link: CVE-2023-52584
Redhat