Vulnerability Details : CVE-2023-52510
In the Linux kernel, the following vulnerability has been resolved:
ieee802154: ca8210: Fix a potential UAF in ca8210_probe
If of_clk_add_provider() fails in ca8210_register_ext_clock(),
it calls clk_unregister() to release priv->clk and returns an
error. However, the caller ca8210_probe() then calls ca8210_remove(),
where priv->clk is freed again in ca8210_unregister_ext_clock(). In
this case, a use-after-free may happen in the second time we call
clk_unregister().
Fix this by removing the first clk_unregister(). Also, priv->clk could
be an error code on failure of clk_register_fixed_rate(). Use
IS_ERR_OR_NULL to catch this case in ca8210_unregister_ext_clock().
Vulnerability category: Memory Corruption
Products affected by CVE-2023-52510
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.6:rc5:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-52510
0.01%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 1 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-52510
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST | 2024-12-11 |
CWE ids for CVE-2023-52510
-
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-52510
-
https://git.kernel.org/stable/c/85c2857ef90041f567ce98722c1c342c4d31f4bc
ieee802154: ca8210: Fix a potential UAF in ca8210_probe - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/28b68cba378e3e50a4082b65f262bc4f2c7c2add
ieee802154: ca8210: Fix a potential UAF in ca8210_probe - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/f990874b1c98fe8e57ee9385669f501822979258
ieee802154: ca8210: Fix a potential UAF in ca8210_probe - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/55e06850c7894f00d41b767c5f5665459f83f58f
ieee802154: ca8210: Fix a potential UAF in ca8210_probe - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/cdb46be93c1f7bbf2c4649e9fc5fb147cfb5245d
ieee802154: ca8210: Fix a potential UAF in ca8210_probe - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/becf5c147198f4345243c5df0c4f035415491640
ieee802154: ca8210: Fix a potential UAF in ca8210_probe - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/84c6aa0ae5c4dc121f9996bb8fed46c80909d80e
ieee802154: ca8210: Fix a potential UAF in ca8210_probe - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/217efe32a45249eb07dcd7197e8403de98345e66
ieee802154: ca8210: Fix a potential UAF in ca8210_probe - kernel/git/stable/linux.git - Linux kernel stable treePatch
Jump to