CVE-2023-52510

2024-03-0200:00:00

ubuntu.com

linux kernel

ieee802154

ca8210

vulnerability

fix

use-after-free

clk_unregister

is_err_or_null

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.2%

JSON

In the Linux kernel, the following vulnerability has been resolved:
ieee802154: ca8210: Fix a potential UAF in ca8210_probe If
of_clk_add_provider() fails in ca8210_register_ext_clock(), it calls
clk_unregister() to release priv->clk and returns an error. However, the
caller ca8210_probe() then calls ca8210_remove(), where priv->clk is freed
again in ca8210_unregister_ext_clock(). In this case, a use-after-free may
happen in the second time we call clk_unregister(). Fix this by removing
the first clk_unregister(). Also, priv->clk could be an error code on
failure of clk_register_fixed_rate(). Use IS_ERR_OR_NULL to catch this case
in ca8210_unregister_ext_clock().

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< anyUNKNOWN
ubuntu20.04noarchlinux< anyUNKNOWN
ubuntu22.04noarchlinux< anyUNKNOWN
ubuntu23.10noarchlinux< anyUNKNOWN
ubuntu24.04noarchlinux< anyUNKNOWN
ubuntu14.04noarchlinux< anyUNKNOWN
ubuntu16.04noarchlinux< anyUNKNOWN
ubuntu18.04noarchlinux-aws< anyUNKNOWN
ubuntu20.04noarchlinux-aws< anyUNKNOWN
ubuntu22.04noarchlinux-aws< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	linux	< any	UNKNOWN
ubuntu	20.04	noarch	linux	< any	UNKNOWN
ubuntu	22.04	noarch	linux	< any	UNKNOWN
ubuntu	23.10	noarch	linux	< any	UNKNOWN
ubuntu	24.04	noarch	linux	< any	UNKNOWN
ubuntu	14.04	noarch	linux	< any	UNKNOWN
ubuntu	16.04	noarch	linux	< any	UNKNOWN
ubuntu	18.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< any	UNKNOWN