CVE-2023-52664

2024-05-1700:00:00

ubuntu.com

linux kernel

net driver

double free

vulnerability

error handling

logic leak

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.6%

JSON

In the Linux kernel, the following vulnerability has been resolved: net:
atlantic: eliminate double free in error handling logic Driver has a logic
leak in ring data allocation/free, where aq_ring_free could be called
multiple times on same ring, if system is under stress and got memory
allocation error. Ring pointer was used as an indicator of failure, but
this is not correct since only ring data is allocated/deallocated. Ring
itself is an array member. Changing ring allocation functions to return
error code directly. This simplifies error handling and eliminates
aq_ring_free on higher layer.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< anyUNKNOWN
ubuntu20.04noarchlinux< anyUNKNOWN
ubuntu22.04noarchlinux< anyUNKNOWN
ubuntu23.10noarchlinux< 6.5.0-41.41UNKNOWN
ubuntu24.04noarchlinux< anyUNKNOWN
ubuntu14.04noarchlinux< anyUNKNOWN
ubuntu16.04noarchlinux< anyUNKNOWN
ubuntu18.04noarchlinux-aws< anyUNKNOWN
ubuntu20.04noarchlinux-aws< anyUNKNOWN
ubuntu22.04noarchlinux-aws< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	linux	< any	UNKNOWN
ubuntu	20.04	noarch	linux	< any	UNKNOWN
ubuntu	22.04	noarch	linux	< any	UNKNOWN
ubuntu	23.10	noarch	linux	< 6.5.0-41.41	UNKNOWN
ubuntu	24.04	noarch	linux	< any	UNKNOWN
ubuntu	14.04	noarch	linux	< any	UNKNOWN
ubuntu	16.04	noarch	linux	< any	UNKNOWN
ubuntu	18.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< any	UNKNOWN