CVE-2023-52584

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-52584
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52584.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-52584
Downstream
Related
Published
2024-03-06T06:45:19Z
Modified
2025-10-15T03:30:06.617551Z
Severity
  • 3.8 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
spmi: mediatek: Fix UAF on device remove
Details

In the Linux kernel, the following vulnerability has been resolved:

spmi: mediatek: Fix UAF on device remove

The pmif driver data that contains the clocks is allocated along with spmicontroller. On device remove, spmicontroller will be freed first, and then devres , including the clocks, will be cleanup. This leads to UAF because putting the clocks will access the clocks in the pmif driver data, which is already freed along with spmi_controller.

This can be reproduced by enabling DEBUGTESTDRIVER_REMOVE and building the kernel with KASAN.

Fix the UAF issue by using unmanaged clkbulkget() and putting the clocks before freeing spmi_controller.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
b45b3ccef8c063d21eb746d85337eaf71f6b5f07
Fixed
521f28eedd6b14228c46e3b81e3bf9b90c2818d8
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
b45b3ccef8c063d21eb746d85337eaf71f6b5f07
Fixed
f8dcafcb54632536684336161da8bdd52120f95e
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
b45b3ccef8c063d21eb746d85337eaf71f6b5f07
Fixed
9a3881b1f07db1bb55cb0108e6f05cfd027eaf2e
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
b45b3ccef8c063d21eb746d85337eaf71f6b5f07
Fixed
e821d50ab5b956ed0effa49faaf29912fd4106d9

Affected versions

v5.*

v5.16
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8

v6.*

v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.47
v6.1.48
v6.1.49
v6.1.5
v6.1.50
v6.1.51
v6.1.52
v6.1.53
v6.1.54
v6.1.55
v6.1.56
v6.1.57
v6.1.58
v6.1.59
v6.1.6
v6.1.60
v6.1.61
v6.1.62
v6.1.63
v6.1.64
v6.1.65
v6.1.66
v6.1.67
v6.1.68
v6.1.69
v6.1.7
v6.1.70
v6.1.71
v6.1.72
v6.1.73
v6.1.74
v6.1.75
v6.1.76
v6.1.8
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.2
v6.6.3
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.7.1
v6.7.2
v6.7.3

Database specific

{
    "vanir_signatures": [
        {
            "id": "CVE-2023-52584-30e8e791",
            "signature_type": "Function",
            "target": {
                "file": "drivers/spmi/spmi-mtk-pmif.c",
                "function": "mtk_spmi_remove"
            },
            "deprecated": false,
            "digest": {
                "length": 191.0,
                "function_hash": "228405622841805388936105403144067822600"
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e821d50ab5b956ed0effa49faaf29912fd4106d9"
        },
        {
            "id": "CVE-2023-52584-3abed435",
            "signature_type": "Function",
            "target": {
                "file": "drivers/spmi/spmi-mtk-pmif.c",
                "function": "mtk_spmi_probe"
            },
            "deprecated": false,
            "digest": {
                "length": 1787.0,
                "function_hash": "184278784736811836119680657011121951551"
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e821d50ab5b956ed0effa49faaf29912fd4106d9"
        },
        {
            "id": "CVE-2023-52584-51a476c0",
            "signature_type": "Function",
            "target": {
                "file": "drivers/spmi/spmi-mtk-pmif.c",
                "function": "mtk_spmi_remove"
            },
            "deprecated": false,
            "digest": {
                "length": 202.0,
                "function_hash": "326289877498627311119894985890786830591"
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@521f28eedd6b14228c46e3b81e3bf9b90c2818d8"
        },
        {
            "id": "CVE-2023-52584-7d0dc7ca",
            "signature_type": "Line",
            "target": {
                "file": "drivers/spmi/spmi-mtk-pmif.c"
            },
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "57955821781779263813707322962151234043",
                    "66622906817499170798252746784154671567",
                    "105221649268016460568354817171152283217",
                    "122775735690042178870804564366425091933",
                    "319607293245495343250593293022079639527",
                    "333643911732875001396326489543803134116",
                    "52220170263037042919034006418060382278",
                    "109739608817247240336533216401820622720",
                    "99566176798625055980641692548360246849",
                    "328770194740992009104828191926685322892",
                    "247429270420404815707943462063098707462",
                    "8099534677105398681755883902288998774",
                    "220567750784624368915501691905788375293",
                    "180726559626677751109410036632491381262",
                    "191261748485443125863477033730718070605",
                    "214138395314603009467843277870401820924"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e821d50ab5b956ed0effa49faaf29912fd4106d9"
        },
        {
            "id": "CVE-2023-52584-9a0d51d8",
            "signature_type": "Function",
            "target": {
                "file": "drivers/spmi/spmi-mtk-pmif.c",
                "function": "mtk_spmi_probe"
            },
            "deprecated": false,
            "digest": {
                "length": 1787.0,
                "function_hash": "184278784736811836119680657011121951551"
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@521f28eedd6b14228c46e3b81e3bf9b90c2818d8"
        },
        {
            "id": "CVE-2023-52584-aaf9e09a",
            "signature_type": "Line",
            "target": {
                "file": "drivers/spmi/spmi-mtk-pmif.c"
            },
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "57955821781779263813707322962151234043",
                    "66622906817499170798252746784154671567",
                    "105221649268016460568354817171152283217",
                    "122775735690042178870804564366425091933",
                    "319607293245495343250593293022079639527",
                    "333643911732875001396326489543803134116",
                    "52220170263037042919034006418060382278",
                    "109739608817247240336533216401820622720",
                    "99566176798625055980641692548360246849",
                    "328770194740992009104828191926685322892",
                    "247429270420404815707943462063098707462",
                    "8099534677105398681755883902288998774",
                    "220567750784624368915501691905788375293",
                    "180726559626677751109410036632491381262",
                    "191261748485443125863477033730718070605",
                    "277045684026435910816383117314146907783"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@521f28eedd6b14228c46e3b81e3bf9b90c2818d8"
        }
    ]
}

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.17.0
Fixed
6.1.77
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.16
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.7.4

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1da177e4c3f4
Fixed
521f28eedd6b
Type
ECOSYSTEM
Events
Introduced
1da177e4c3f4
Fixed
f8dcafcb5463
Type
ECOSYSTEM
Events
Introduced
1da177e4c3f4
Fixed
9a3881b1f07d
Type
ECOSYSTEM
Events
Introduced
1da177e4c3f4
Fixed
e821d50ab5b9