vulnerability

Debian: CVE-2023-52708: linux -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:S/C:N/I:N/A:C)	May 21, 2024	Jul 30, 2024	Mar 30, 2026

Severity

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

May 21, 2024

Added

Jul 30, 2024

Modified

Mar 30, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

mmc: mmc_spi: fix error handling in mmc_spi_probe()

If mmc_add_host() fails, it doesn't need to call mmc_remove_host(),
or it will cause null-ptr-deref, because of deleting a not added
device in mmc_remove_host().

To fix this, goto label 'fail_glue_init', if mmc_add_host() fails,
and change the label 'fail_add_host' to 'fail_gpiod_request'.

Solution

debian-upgrade-linux

References

CVE-2023-52708
https://attackerkb.com/topics/CVE-2023-52708
CWE-476
EUVD-EUVD-2023-57332
https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-57332

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report