CVE-2023-52584

Published: Mar 6, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: spmi: mediatek: Fix UAF on device remove The pmif driver data that contains the clocks is allocated along with spmi_controller. On device remove, spmi_controller will be freed first, and then devres , including the clocks, will be cleanup. This leads to UAF because putting the clocks will access the clocks in the pmif driver data, which is already freed along with spmi_controller. This can be reproduced by enabling DEBUG_TEST_DRIVER_REMOVE and building the kernel with KASAN. Fix the UAF issue by using unmanaged clk_bulk_get() and putting the clocks before freeing spmi_controller.

Vendor	Product	Versions
Linux	Linux	affected `b45b3ccef8c063d21eb746d85337eaf71f6b5f07 - < 521f28eedd6b14228c46e3b81e3bf9b90c2818d8` affected `b45b3ccef8c063d21eb746d85337eaf71f6b5f07 - < f8dcafcb54632536684336161da8bdd52120f95e` affected `b45b3ccef8c063d21eb746d85337eaf71f6b5f07 - < 9a3881b1f07db1bb55cb0108e6f05cfd027eaf2e` affected `b45b3ccef8c063d21eb746d85337eaf71f6b5f07 - < e821d50ab5b956ed0effa49faaf29912fd4106d9`
Linux	Linux	affected `5.17` unaffected `0 - < 5.17` unaffected `6.1.77 - <= 6.1.` unaffected `6.6.16 - <= 6.6.` unaffected `6.7.4 - <= 6.7.*` +1 more versions

References

https://git.kernel.org/stable/c/521f28eedd6b14228c46e3b81e3bf9b90c2818d8

https://git.kernel.org/stable/c/f8dcafcb54632536684336161da8bdd52120f95e

https://git.kernel.org/stable/c/9a3881b1f07db1bb55cb0108e6f05cfd027eaf2e

https://git.kernel.org/stable/c/e821d50ab5b956ed0effa49faaf29912fd4106d9

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-52584

Description

Affected Products

References