CVE-2023-52510

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-52510
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52510.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-52510
Downstream
Related
Published
2024-03-02T21:52:22.645Z
Modified
2026-03-14T12:23:12.041023Z
Summary
ieee802154: ca8210: Fix a potential UAF in ca8210_probe
Details

In the Linux kernel, the following vulnerability has been resolved:

ieee802154: ca8210: Fix a potential UAF in ca8210_probe

If ofclkaddprovider() fails in ca8210registerextclock(), it calls clkunregister() to release priv->clk and returns an error. However, the caller ca8210probe() then calls ca8210remove(), where priv->clk is freed again in ca8210unregisterextclock(). In this case, a use-after-free may happen in the second time we call clk_unregister().

Fix this by removing the first clkunregister(). Also, priv->clk could be an error code on failure of clkregisterfixedrate(). Use ISERRORNULL to catch this case in ca8210unregisterextclock().

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52510.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ded845a781a578dfb0b5b2c138e5a067aa3b1242
Fixed
28b68cba378e3e50a4082b65f262bc4f2c7c2add
Fixed
cdb46be93c1f7bbf2c4649e9fc5fb147cfb5245d
Fixed
85c2857ef90041f567ce98722c1c342c4d31f4bc
Fixed
55e06850c7894f00d41b767c5f5665459f83f58f
Fixed
84c6aa0ae5c4dc121f9996bb8fed46c80909d80e
Fixed
217efe32a45249eb07dcd7197e8403de98345e66
Fixed
becf5c147198f4345243c5df0c4f035415491640
Fixed
f990874b1c98fe8e57ee9385669f501822979258

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52510.json"