CVE-2023-52584
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-52584
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52584.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-52584
- Downstream
- Related
- Published
- 2024-03-06T06:45:19Z
- Modified
- 2025-10-21T14:31:53.767692Z
- Severity
-
- 3.8 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- spmi: mediatek: Fix UAF on device remove
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
spmi: mediatek: Fix UAF on device remove
The pmif driver data that contains the clocks is allocated along with spmicontroller. On device remove, spmicontroller will be freed first, and then devres , including the clocks, will be cleanup. This leads to UAF because putting the clocks will access the clocks in the pmif driver data, which is already freed along with spmi_controller.
This can be reproduced by enabling DEBUGTESTDRIVER_REMOVE and building the kernel with KASAN.
Fix the UAF issue by using unmanaged clkbulkget() and putting the clocks before freeing spmi_controller.
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/521f28eedd6b14228c46e3b81e3bf9b90c2818d8
- https://git.kernel.org/stable/c/9a3881b1f07db1bb55cb0108e6f05cfd027eaf2e
- https://git.kernel.org/stable/c/e821d50ab5b956ed0effa49faaf29912fd4106d9
- https://git.kernel.org/stable/c/f8dcafcb54632536684336161da8bdd52120f95e
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedb45b3ccef8c063d21eb746d85337eaf71f6b5f07Fixed521f28eedd6b14228c46e3b81e3bf9b90c2818d8
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedb45b3ccef8c063d21eb746d85337eaf71f6b5f07Fixedf8dcafcb54632536684336161da8bdd52120f95e
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedb45b3ccef8c063d21eb746d85337eaf71f6b5f07Fixed9a3881b1f07db1bb55cb0108e6f05cfd027eaf2e
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedb45b3ccef8c063d21eb746d85337eaf71f6b5f07Fixede821d50ab5b956ed0effa49faaf29912fd4106d9
Affected versions
v5.*
v5.16
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.47
v6.1.48
v6.1.49
v6.1.5
v6.1.50
v6.1.51
v6.1.52
v6.1.53
v6.1.54
v6.1.55
v6.1.56
v6.1.57
v6.1.58
v6.1.59
v6.1.6
v6.1.60
v6.1.61
v6.1.62
v6.1.63
v6.1.64
v6.1.65
v6.1.66
v6.1.67
v6.1.68
v6.1.69
v6.1.7
v6.1.70
v6.1.71
v6.1.72
v6.1.73
v6.1.74
v6.1.75
v6.1.76
v6.1.8
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.2
v6.6.3
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.7.1
v6.7.2
v6.7.3
Database specific
vanir_signatures
[
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"57955821781779263813707322962151234043",
"66622906817499170798252746784154671567",
"105221649268016460568354817171152283217",
"122775735690042178870804564366425091933",
"319607293245495343250593293022079639527",
"333643911732875001396326489543803134116",
"52220170263037042919034006418060382278",
"109739608817247240336533216401820622720",
"99566176798625055980641692548360246849",
"328770194740992009104828191926685322892",
"247429270420404815707943462063098707462",
"8099534677105398681755883902288998774",
"220567750784624368915501691905788375293",
"180726559626677751109410036632491381262",
"191261748485443125863477033730718070605",
"214138395314603009467843277870401820924"
]
},
"target": {
"file": "drivers/spmi/spmi-mtk-pmif.c"
},
"signature_version": "v1",
"id": "CVE-2023-52584-0db42d23",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9a3881b1f07db1bb55cb0108e6f05cfd027eaf2e"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "184278784736811836119680657011121951551",
"length": 1787.0
},
"target": {
"file": "drivers/spmi/spmi-mtk-pmif.c",
"function": "mtk_spmi_probe"
},
"signature_version": "v1",
"id": "CVE-2023-52584-2be5a990",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f8dcafcb54632536684336161da8bdd52120f95e"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "228405622841805388936105403144067822600",
"length": 191.0
},
"target": {
"file": "drivers/spmi/spmi-mtk-pmif.c",
"function": "mtk_spmi_remove"
},
"signature_version": "v1",
"id": "CVE-2023-52584-30e8e791",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e821d50ab5b956ed0effa49faaf29912fd4106d9"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "184278784736811836119680657011121951551",
"length": 1787.0
},
"target": {
"file": "drivers/spmi/spmi-mtk-pmif.c",
"function": "mtk_spmi_probe"
},
"signature_version": "v1",
"id": "CVE-2023-52584-3abed435",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e821d50ab5b956ed0effa49faaf29912fd4106d9"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "326289877498627311119894985890786830591",
"length": 202.0
},
"target": {
"file": "drivers/spmi/spmi-mtk-pmif.c",
"function": "mtk_spmi_remove"
},
"signature_version": "v1",
"id": "CVE-2023-52584-51a476c0",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@521f28eedd6b14228c46e3b81e3bf9b90c2818d8"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "228405622841805388936105403144067822600",
"length": 191.0
},
"target": {
"file": "drivers/spmi/spmi-mtk-pmif.c",
"function": "mtk_spmi_remove"
},
"signature_version": "v1",
"id": "CVE-2023-52584-57974a08",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f8dcafcb54632536684336161da8bdd52120f95e"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "184278784736811836119680657011121951551",
"length": 1787.0
},
"target": {
"file": "drivers/spmi/spmi-mtk-pmif.c",
"function": "mtk_spmi_probe"
},
"signature_version": "v1",
"id": "CVE-2023-52584-6cf04c2e",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9a3881b1f07db1bb55cb0108e6f05cfd027eaf2e"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"57955821781779263813707322962151234043",
"66622906817499170798252746784154671567",
"105221649268016460568354817171152283217",
"122775735690042178870804564366425091933",
"319607293245495343250593293022079639527",
"333643911732875001396326489543803134116",
"52220170263037042919034006418060382278",
"109739608817247240336533216401820622720",
"99566176798625055980641692548360246849",
"328770194740992009104828191926685322892",
"247429270420404815707943462063098707462",
"8099534677105398681755883902288998774",
"220567750784624368915501691905788375293",
"180726559626677751109410036632491381262",
"191261748485443125863477033730718070605",
"214138395314603009467843277870401820924"
]
},
"target": {
"file": "drivers/spmi/spmi-mtk-pmif.c"
},
"signature_version": "v1",
"id": "CVE-2023-52584-7d0dc7ca",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e821d50ab5b956ed0effa49faaf29912fd4106d9"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "228405622841805388936105403144067822600",
"length": 191.0
},
"target": {
"file": "drivers/spmi/spmi-mtk-pmif.c",
"function": "mtk_spmi_remove"
},
"signature_version": "v1",
"id": "CVE-2023-52584-7e665025",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9a3881b1f07db1bb55cb0108e6f05cfd027eaf2e"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "184278784736811836119680657011121951551",
"length": 1787.0
},
"target": {
"file": "drivers/spmi/spmi-mtk-pmif.c",
"function": "mtk_spmi_probe"
},
"signature_version": "v1",
"id": "CVE-2023-52584-9a0d51d8",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@521f28eedd6b14228c46e3b81e3bf9b90c2818d8"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"57955821781779263813707322962151234043",
"66622906817499170798252746784154671567",
"105221649268016460568354817171152283217",
"122775735690042178870804564366425091933",
"319607293245495343250593293022079639527",
"333643911732875001396326489543803134116",
"52220170263037042919034006418060382278",
"109739608817247240336533216401820622720",
"99566176798625055980641692548360246849",
"328770194740992009104828191926685322892",
"247429270420404815707943462063098707462",
"8099534677105398681755883902288998774",
"220567750784624368915501691905788375293",
"180726559626677751109410036632491381262",
"191261748485443125863477033730718070605",
"277045684026435910816383117314146907783"
]
},
"target": {
"file": "drivers/spmi/spmi-mtk-pmif.c"
},
"signature_version": "v1",
"id": "CVE-2023-52584-aaf9e09a",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@521f28eedd6b14228c46e3b81e3bf9b90c2818d8"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"57955821781779263813707322962151234043",
"66622906817499170798252746784154671567",
"105221649268016460568354817171152283217",
"122775735690042178870804564366425091933",
"319607293245495343250593293022079639527",
"333643911732875001396326489543803134116",
"52220170263037042919034006418060382278",
"109739608817247240336533216401820622720",
"99566176798625055980641692548360246849",
"328770194740992009104828191926685322892",
"247429270420404815707943462063098707462",
"8099534677105398681755883902288998774",
"220567750784624368915501691905788375293",
"180726559626677751109410036632491381262",
"191261748485443125863477033730718070605",
"214138395314603009467843277870401820924"
]
},
"target": {
"file": "drivers/spmi/spmi-mtk-pmif.c"
},
"signature_version": "v1",
"id": "CVE-2023-52584-cc2908a4",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f8dcafcb54632536684336161da8bdd52120f95e"
}
]