CVE-2023-52691

2024-05-1700:00:00

ubuntu.com

linux kernel

vulnerability

double-free

amd

si_dpm_init

amdgpu

control flow

dpm_failed

si_dpm_fini

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.0%

JSON

In the Linux kernel, the following vulnerability has been resolved:
drm/amd/pm: fix a double-free in si_dpm_init When the allocation of
adev->pm.dpm.dyn_state.vddc_dependency_on_dispclk.entries fails,
amdgpu_free_extended_power_table is called to free some fields of adev.
However, when the control flow returns to si_dpm_sw_init, it goes to label
dpm_failed and calls si_dpm_fini, which calls
amdgpu_free_extended_power_table again and free those fields again. Thus a
double-free is triggered.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< anyUNKNOWN
ubuntu20.04noarchlinux< anyUNKNOWN
ubuntu22.04noarchlinux< anyUNKNOWN
ubuntu23.10noarchlinux< 6.5.0-41.41UNKNOWN
ubuntu24.04noarchlinux< anyUNKNOWN
ubuntu14.04noarchlinux< anyUNKNOWN
ubuntu16.04noarchlinux< anyUNKNOWN
ubuntu18.04noarchlinux-aws< anyUNKNOWN
ubuntu20.04noarchlinux-aws< anyUNKNOWN
ubuntu22.04noarchlinux-aws< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	linux	< any	UNKNOWN
ubuntu	20.04	noarch	linux	< any	UNKNOWN
ubuntu	22.04	noarch	linux	< any	UNKNOWN
ubuntu	23.10	noarch	linux	< 6.5.0-41.41	UNKNOWN
ubuntu	24.04	noarch	linux	< any	UNKNOWN
ubuntu	14.04	noarch	linux	< any	UNKNOWN
ubuntu	16.04	noarch	linux	< any	UNKNOWN
ubuntu	18.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< any	UNKNOWN