CVE-2023-52510
Published: Mar 2, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: ieee802154: ca8210: Fix a potential UAF in ca8210_probe If of_clk_add_provider() fails in ca8210_register_ext_clock(), it calls clk_unregister() to release priv->clk and returns an error. However, the caller ca8210_probe() then calls ca8210_remove(), where priv->clk is freed again in ca8210_unregister_ext_clock(). In this case, a use-after-free may happen in the second time we call clk_unregister(). Fix this by removing the first clk_unregister(). Also, priv->clk could be an error code on failure of clk_register_fixed_rate(). Use IS_ERR_OR_NULL to catch this case in ca8210_unregister_ext_clock().
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected ded845a781a578dfb0b5b2c138e5a067aa3b1242 - < 28b68cba378e3e50a4082b65f262bc4f2c7c2addaffected ded845a781a578dfb0b5b2c138e5a067aa3b1242 - < cdb46be93c1f7bbf2c4649e9fc5fb147cfb5245daffected ded845a781a578dfb0b5b2c138e5a067aa3b1242 - < 85c2857ef90041f567ce98722c1c342c4d31f4bcaffected ded845a781a578dfb0b5b2c138e5a067aa3b1242 - < 55e06850c7894f00d41b767c5f5665459f83f58faffected ded845a781a578dfb0b5b2c138e5a067aa3b1242 - < 84c6aa0ae5c4dc121f9996bb8fed46c80909d80e+3 more versions |
Linux | Linux | affected 4.12unaffected 0 - < 4.12unaffected 4.14.328 - <= 4.14.*unaffected 4.19.297 - <= 4.19.*unaffected 5.4.259 - <= 5.4.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now