CVE-2023-52510 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: ieee802154: ca8210: Fix a potential UAF in ca8210_probe If of_clk_add_provider() fails in ca8210_register_ext_clock(), it calls clk_unregister() to release priv->clk and returns an error. However, the caller ca8210_probe() then calls ca8210_remove(), where priv->clk is freed again in ca8210_unregister_ext_clock(). In this case, a use-after-free may happen in the second time we call clk_unregister(). Fix this by removing the first clk_unregister(). Also, priv->clk could be an error code on failure of clk_register_fixed_rate(). Use IS_ERR_OR_NULL to catch this case in ca8210_unregister_ext_clock().

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

References

Link	Providers
https://git.kernel.org/stable/c/217efe32a45249eb07dcd7197e8403de98345e66
https://git.kernel.org/stable/c/28b68cba378e3e50a4082b65f262bc4f2c7c2add
https://git.kernel.org/stable/c/55e06850c7894f00d41b767c5f5665459f83f58f
https://git.kernel.org/stable/c/84c6aa0ae5c4dc121f9996bb8fed46c80909d80e
https://git.kernel.org/stable/c/85c2857ef90041f567ce98722c1c342c4d31f4bc
https://git.kernel.org/stable/c/becf5c147198f4345243c5df0c4f035415491640
https://git.kernel.org/stable/c/cdb46be93c1f7bbf2c4649e9fc5fb147cfb5245d
https://git.kernel.org/stable/c/f990874b1c98fe8e57ee9385669f501822979258
https://lore.kernel.org/linux-cve-announce/2024030250-CVE-2023-52510-6f8a@gregkh/T/#u
https://nvd.nist.gov/vuln/detail/CVE-2023-52510
https://www.cve.org/CVERecord?id=CVE-2023-52510

History

No history.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-03-02T21:52:22.645Z

Updated: 2024-11-04T14:48:16.928Z

Reserved: 2024-02-20T12:30:33.315Z

Link: CVE-2023-52510

Vulnrichment

Updated: 2024-08-02T23:03:20.696Z

NVD

Status : Awaiting Analysis

Published: 2024-03-02T22:15:47.587

Modified: 2024-03-04T13:58:23.447

Link: CVE-2023-52510

Redhat

Severity : Low

Publid Date: 2024-03-02T00:00:00Z

Links: CVE-2023-52510 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object