CVE-2023-52584

Summary

In the Linux kernel, the following vulnerability has been resolved:

spmi: mediatek: Fix UAF on device remove

The pmif driver data that contains the clocks is allocated along with spmi_controller. On device remove, spmi_controller will be freed first, and then devres , including the clocks, will be cleanup. This leads to UAF because putting the clocks will access the clocks in the pmif driver data, which is already freed along with spmi_controller.

This can be reproduced by enabling DEBUG_TEST_DRIVER_REMOVE and building the kernel with KASAN.

Fix the UAF issue by using unmanaged clk_bulk_get() and putting the clocks before freeing spmi_controller.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxb45b3ccef8c063d21eb746d85337eaf71f6b5f07 < 521f28eedd6b14228c46e3b81e3bf9b90c2818d8affected
LinuxLinuxb45b3ccef8c063d21eb746d85337eaf71f6b5f07 < f8dcafcb54632536684336161da8bdd52120f95eaffected
LinuxLinuxb45b3ccef8c063d21eb746d85337eaf71f6b5f07 < 9a3881b1f07db1bb55cb0108e6f05cfd027eaf2eaffected
LinuxLinuxb45b3ccef8c063d21eb746d85337eaf71f6b5f07 < e821d50ab5b956ed0effa49faaf29912fd4106d9affected
LinuxLinux5.17affected
LinuxLinux0 < 5.17unaffected
LinuxLinux6.1.77 <= 6.1.*unaffected
LinuxLinux6.6.16 <= 6.6.*unaffected
LinuxLinux6.7.4 <= 6.7.*unaffected
LinuxLinux6.8 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References