{ "id": "CVE-2023-52510", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-02T22:15:47.587", "lastModified": "2024-11-21T08:39:55.950", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nieee802154: ca8210: Fix a potential UAF in ca8210_probe\n\nIf of_clk_add_provider() fails in ca8210_register_ext_clock(),\nit calls clk_unregister() to release priv->clk and returns an\nerror. However, the caller ca8210_probe() then calls ca8210_remove(),\nwhere priv->clk is freed again in ca8210_unregister_ext_clock(). In\nthis case, a use-after-free may happen in the second time we call\nclk_unregister().\n\nFix this by removing the first clk_unregister(). Also, priv->clk could\nbe an error code on failure of clk_register_fixed_rate(). Use\nIS_ERR_OR_NULL to catch this case in ca8210_unregister_ext_clock()." }, { "lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ieee802154: ca8210: solucione un UAF potencial en ca8210_probe Si of_clk_add_provider() falla en ca8210_register_ext_clock(), llama a clk_unregister() para liberar priv->clk y devuelve un error. Sin embargo, la persona que llama ca8210_probe() luego llama a ca8210_remove(), donde priv->clk se libera nuevamente en ca8210_unregister_ext_clock(). En este caso, puede ocurrir un Use After Free la segunda vez que llamamos a clk_unregister(). Solucione este problema eliminando el primer clk_unregister(). Adem\u00e1s, priv->clk podr\u00eda ser un c\u00f3digo de error en caso de falla de clk_register_fixed_rate(). Utilice IS_ERR_OR_NULL para detectar este caso en ca8210_unregister_ext_clock()." } ], "metrics": {}, "references": [ { "url": "https://git.kernel.org/stable/c/217efe32a45249eb07dcd7197e8403de98345e66", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }, { "url": "https://git.kernel.org/stable/c/28b68cba378e3e50a4082b65f262bc4f2c7c2add", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }, { "url": "https://git.kernel.org/stable/c/55e06850c7894f00d41b767c5f5665459f83f58f", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }, { "url": "https://git.kernel.org/stable/c/84c6aa0ae5c4dc121f9996bb8fed46c80909d80e", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }, { "url": "https://git.kernel.org/stable/c/85c2857ef90041f567ce98722c1c342c4d31f4bc", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }, { "url": "https://git.kernel.org/stable/c/becf5c147198f4345243c5df0c4f035415491640", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }, { "url": "https://git.kernel.org/stable/c/cdb46be93c1f7bbf2c4649e9fc5fb147cfb5245d", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }, { "url": "https://git.kernel.org/stable/c/f990874b1c98fe8e57ee9385669f501822979258", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }, { "url": "https://git.kernel.org/stable/c/217efe32a45249eb07dcd7197e8403de98345e66", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://git.kernel.org/stable/c/28b68cba378e3e50a4082b65f262bc4f2c7c2add", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://git.kernel.org/stable/c/55e06850c7894f00d41b767c5f5665459f83f58f", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://git.kernel.org/stable/c/84c6aa0ae5c4dc121f9996bb8fed46c80909d80e", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://git.kernel.org/stable/c/85c2857ef90041f567ce98722c1c342c4d31f4bc", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://git.kernel.org/stable/c/becf5c147198f4345243c5df0c4f035415491640", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://git.kernel.org/stable/c/cdb46be93c1f7bbf2c4649e9fc5fb147cfb5245d", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://git.kernel.org/stable/c/f990874b1c98fe8e57ee9385669f501822979258", "source": "af854a3a-2127-422b-91ae-364da2661108" } ] }