← Back to CVEs

CVE-2023-52510

HIGH

7.8

Description

In the Linux kernel, the following vulnerability has been resolved: ieee802154: ca8210: Fix a potential UAF in ca8210_probe If of_clk_add_provider() fails in ca8210_register_ext_clock(), it calls clk_unregister() to release priv->clk and returns an error. However, the caller ca8210_probe() then calls ca8210_remove(), where priv->clk is freed again in ca8210_unregister_ext_clock(). In this case, a use-after-free may happen in the second time we call clk_unregister(). Fix this by removing the first clk_unregister(). Also, priv->clk could be an error code on failure of clk_register_fixed_rate(). Use IS_ERR_OR_NULL to catch this case in ca8210_unregister_ext_clock().

CVE Details

CVSS v3.1 Score7.8

SeverityHIGH

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorLOCAL

ComplexityLOW

Privileges RequiredLOW

User InteractionNONE

Published3/2/2024

Last Modified12/11/2024

Sourcenvd

Honeypot Sightings0

Affected Products

linux:linux_kernel

Weaknesses (CWE)

CWE-416

References

https://git.kernel.org/stable/c/217efe32a45249eb07dcd7197e8403de98345e66(416baaa9-dc9f-4396-8d5f-8c081fb06d67)

https://git.kernel.org/stable/c/28b68cba378e3e50a4082b65f262bc4f2c7c2add(416baaa9-dc9f-4396-8d5f-8c081fb06d67)

https://git.kernel.org/stable/c/55e06850c7894f00d41b767c5f5665459f83f58f(416baaa9-dc9f-4396-8d5f-8c081fb06d67)

https://git.kernel.org/stable/c/84c6aa0ae5c4dc121f9996bb8fed46c80909d80e(416baaa9-dc9f-4396-8d5f-8c081fb06d67)

https://git.kernel.org/stable/c/85c2857ef90041f567ce98722c1c342c4d31f4bc(416baaa9-dc9f-4396-8d5f-8c081fb06d67)

https://git.kernel.org/stable/c/becf5c147198f4345243c5df0c4f035415491640(416baaa9-dc9f-4396-8d5f-8c081fb06d67)

https://git.kernel.org/stable/c/cdb46be93c1f7bbf2c4649e9fc5fb147cfb5245d(416baaa9-dc9f-4396-8d5f-8c081fb06d67)

https://git.kernel.org/stable/c/f990874b1c98fe8e57ee9385669f501822979258(416baaa9-dc9f-4396-8d5f-8c081fb06d67)

https://git.kernel.org/stable/c/217efe32a45249eb07dcd7197e8403de98345e66(af854a3a-2127-422b-91ae-364da2661108)

https://git.kernel.org/stable/c/28b68cba378e3e50a4082b65f262bc4f2c7c2add(af854a3a-2127-422b-91ae-364da2661108)

https://git.kernel.org/stable/c/55e06850c7894f00d41b767c5f5665459f83f58f(af854a3a-2127-422b-91ae-364da2661108)

https://git.kernel.org/stable/c/84c6aa0ae5c4dc121f9996bb8fed46c80909d80e(af854a3a-2127-422b-91ae-364da2661108)

https://git.kernel.org/stable/c/85c2857ef90041f567ce98722c1c342c4d31f4bc(af854a3a-2127-422b-91ae-364da2661108)

https://git.kernel.org/stable/c/becf5c147198f4345243c5df0c4f035415491640(af854a3a-2127-422b-91ae-364da2661108)

https://git.kernel.org/stable/c/cdb46be93c1f7bbf2c4649e9fc5fb147cfb5245d(af854a3a-2127-422b-91ae-364da2661108)

https://git.kernel.org/stable/c/f990874b1c98fe8e57ee9385669f501822979258(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.