CVE-2023-53544

Summary

In the Linux kernel, the following vulnerability has been resolved:

cpufreq: davinci: Fix clk use after free

The remove function first frees the clks and only then calls cpufreq_unregister_driver(). If one of the cpufreq callbacks is called just before cpufreq_unregister_driver() is run, the freed clks might be used.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux6601b8030de3e9c29930684eeac15302a59f991a < 66b3bbe6fbd8dd410868e5b53ac3944a934b9310affected
LinuxLinux6601b8030de3e9c29930684eeac15302a59f991a < a5f024d0e6f91e05c816ad4ee8837173369dd5cbaffected
LinuxLinux6601b8030de3e9c29930684eeac15302a59f991a < ab05ae4ab831f64bbc427592c86f599ed9c4324faffected
LinuxLinux6601b8030de3e9c29930684eeac15302a59f991a < 5d8f384a9b4fc50f6a18405f1c08e5a87a77b5b3affected
LinuxLinux2.6.33affected
LinuxLinux0 < 2.6.33unaffected
LinuxLinux4.14.308 <= 4.14.*unaffected
LinuxLinux6.1.16 <= 6.1.*unaffected
LinuxLinux6.2.3 <= 6.2.*unaffected
LinuxLinux6.3 <= *unaffected

Weaknesses

References