vulnerability

Ubuntu: (Multiple Advisories) (CVE-2023-52584): Linux kernel (OEM) vulnerabilities

Try Surface Command
Back to search
Severity
5
CVSS
(AV:N/AC:L/Au:M/C:P/I:P/A:N)
Published
Mar 6, 2024
Added
Mar 12, 2024
Modified
Feb 18, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:

spmi: mediatek: Fix UAF on device remove

The pmif driver data that contains the clocks is allocated along with
spmi_controller.
On device remove, spmi_controller will be freed first, and then devres
, including the clocks, will be cleanup.
This leads to UAF because putting the clocks will access the clocks in
the pmif driver data, which is already freed along with spmi_controller.

This can be reproduced by enabling DEBUG_TEST_DRIVER_REMOVE and
building the kernel with KASAN.

Fix the UAF issue by using unmanaged clk_bulk_get() and putting the
clocks before freeing spmi_controller.

Solution(s)

ubuntu-upgrade-linux-image-6-1-0-1035-oemubuntu-upgrade-linux-image-6-5-0-1015-starfiveubuntu-upgrade-linux-image-6-5-0-1017-laptopubuntu-upgrade-linux-image-6-5-0-1018-raspiubuntu-upgrade-linux-image-6-5-0-1021-awsubuntu-upgrade-linux-image-6-5-0-1021-nvidiaubuntu-upgrade-linux-image-6-5-0-1021-nvidia-64kubuntu-upgrade-linux-image-6-5-0-1022-azureubuntu-upgrade-linux-image-6-5-0-1022-azure-fdeubuntu-upgrade-linux-image-6-5-0-1022-gcpubuntu-upgrade-linux-image-6-5-0-1024-oemubuntu-upgrade-linux-image-6-5-0-1024-oracleubuntu-upgrade-linux-image-6-5-0-1024-oracle-64kubuntu-upgrade-linux-image-6-5-0-41-genericubuntu-upgrade-linux-image-6-5-0-41-generic-64kubuntu-upgrade-linux-image-6-5-0-41-lowlatencyubuntu-upgrade-linux-image-6-5-0-41-lowlatency-64kubuntu-upgrade-linux-image-awsubuntu-upgrade-linux-image-azureubuntu-upgrade-linux-image-azure-fdeubuntu-upgrade-linux-image-gcpubuntu-upgrade-linux-image-genericubuntu-upgrade-linux-image-generic-64kubuntu-upgrade-linux-image-generic-64k-hwe-22-04ubuntu-upgrade-linux-image-generic-hwe-22-04ubuntu-upgrade-linux-image-generic-lpaeubuntu-upgrade-linux-image-kvmubuntu-upgrade-linux-image-laptop-23-10ubuntu-upgrade-linux-image-lowlatencyubuntu-upgrade-linux-image-lowlatency-64kubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04ubuntu-upgrade-linux-image-lowlatency-hwe-22-04ubuntu-upgrade-linux-image-nvidia-6-5ubuntu-upgrade-linux-image-nvidia-64k-6-5ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04ubuntu-upgrade-linux-image-nvidia-hwe-22-04ubuntu-upgrade-linux-image-oem-22-04ubuntu-upgrade-linux-image-oem-22-04aubuntu-upgrade-linux-image-oem-22-04bubuntu-upgrade-linux-image-oem-22-04cubuntu-upgrade-linux-image-oem-22-04dubuntu-upgrade-linux-image-oracleubuntu-upgrade-linux-image-oracle-64kubuntu-upgrade-linux-image-raspiubuntu-upgrade-linux-image-raspi-nolpaeubuntu-upgrade-linux-image-starfiveubuntu-upgrade-linux-image-virtualubuntu-upgrade-linux-image-virtual-hwe-22-04

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today