CVE-2023-52684

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-52684
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52684.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-52684
Downstream
Published
2024-05-17T14:24:46Z
Modified
2025-10-21T14:13:23.784808Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
firmware: qcom: qseecom: fix memory leaks in error paths
Details

In the Linux kernel, the following vulnerability has been resolved:

firmware: qcom: qseecom: fix memory leaks in error paths

Fix instances of returning error codes directly instead of jumping to the relevant labels where memory allocated for the SCM calls would be freed.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
759e7a2b62eb3ef3c93ffeb5cca788a09627d7d9
Fixed
85fdbf6840455be64eac16bdfe0df3368ee3d0f0
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
759e7a2b62eb3ef3c93ffeb5cca788a09627d7d9
Fixed
6c57d7b593c4a4e60db65d5ce0fe1d9f79ccbe9b

Affected versions

v6.*

v6.6
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.7.1

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "id": "CVE-2023-52684-091bd2ff",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@85fdbf6840455be64eac16bdfe0df3368ee3d0f0",
        "signature_version": "v1",
        "target": {
            "function": "qsee_uefi_set_variable",
            "file": "drivers/firmware/qcom/qcom_qseecom_uefisecapp.c"
        },
        "signature_type": "Function",
        "digest": {
            "function_hash": "171007937567766248997288278241160414073",
            "length": 2005.0
        }
    },
    {
        "deprecated": false,
        "id": "CVE-2023-52684-19f8dae5",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@85fdbf6840455be64eac16bdfe0df3368ee3d0f0",
        "signature_version": "v1",
        "target": {
            "function": "qsee_uefi_get_variable",
            "file": "drivers/firmware/qcom/qcom_qseecom_uefisecapp.c"
        },
        "signature_type": "Function",
        "digest": {
            "function_hash": "248289152215793395829789167536547136984",
            "length": 2476.0
        }
    },
    {
        "deprecated": false,
        "id": "CVE-2023-52684-1a20fe70",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6c57d7b593c4a4e60db65d5ce0fe1d9f79ccbe9b",
        "signature_version": "v1",
        "target": {
            "function": "qsee_uefi_get_next_variable",
            "file": "drivers/firmware/qcom/qcom_qseecom_uefisecapp.c"
        },
        "signature_type": "Function",
        "digest": {
            "function_hash": "62151737185046147243739561736393555455",
            "length": 2578.0
        }
    },
    {
        "deprecated": false,
        "id": "CVE-2023-52684-5216eee1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6c57d7b593c4a4e60db65d5ce0fe1d9f79ccbe9b",
        "signature_version": "v1",
        "target": {
            "function": "qsee_uefi_set_variable",
            "file": "drivers/firmware/qcom/qcom_qseecom_uefisecapp.c"
        },
        "signature_type": "Function",
        "digest": {
            "function_hash": "171007937567766248997288278241160414073",
            "length": 2005.0
        }
    },
    {
        "deprecated": false,
        "id": "CVE-2023-52684-696b1043",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@85fdbf6840455be64eac16bdfe0df3368ee3d0f0",
        "signature_version": "v1",
        "target": {
            "function": "qsee_uefi_get_next_variable",
            "file": "drivers/firmware/qcom/qcom_qseecom_uefisecapp.c"
        },
        "signature_type": "Function",
        "digest": {
            "function_hash": "62151737185046147243739561736393555455",
            "length": 2578.0
        }
    },
    {
        "deprecated": false,
        "id": "CVE-2023-52684-9c63da6f",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@85fdbf6840455be64eac16bdfe0df3368ee3d0f0",
        "signature_version": "v1",
        "target": {
            "file": "drivers/firmware/qcom/qcom_qseecom_uefisecapp.c"
        },
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "335916759985385348310260350094008635446",
                "60576286478170979264217474574701990861",
                "181545125096019752107154207273105707661",
                "249068919290165460994806311117327671813",
                "152373909931564119074721818031558128472",
                "268073626466142464698582488339761598106",
                "60576286478170979264217474574701990861",
                "181545125096019752107154207273105707661",
                "38000447454215599019127332597737029439",
                "176724620144248558646532710250054475859",
                "213434213063234325886831331946256663769",
                "324616810825149753476480638774717610808",
                "187686626457458521680133081317706413254",
                "204807764090077663238960981154913178136",
                "232452489194604340692876763093442657656",
                "26514887220839944360306579167867727049",
                "97521178736213162070883271714787006285",
                "24403097974548202228234828127342906410",
                "26690837503025482820996585880495513634"
            ]
        }
    },
    {
        "deprecated": false,
        "id": "CVE-2023-52684-ada91a16",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6c57d7b593c4a4e60db65d5ce0fe1d9f79ccbe9b",
        "signature_version": "v1",
        "target": {
            "function": "qsee_uefi_get_variable",
            "file": "drivers/firmware/qcom/qcom_qseecom_uefisecapp.c"
        },
        "signature_type": "Function",
        "digest": {
            "function_hash": "248289152215793395829789167536547136984",
            "length": 2476.0
        }
    },
    {
        "deprecated": false,
        "id": "CVE-2023-52684-bd95bedc",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6c57d7b593c4a4e60db65d5ce0fe1d9f79ccbe9b",
        "signature_version": "v1",
        "target": {
            "file": "drivers/firmware/qcom/qcom_qseecom_uefisecapp.c"
        },
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "335916759985385348310260350094008635446",
                "60576286478170979264217474574701990861",
                "181545125096019752107154207273105707661",
                "249068919290165460994806311117327671813",
                "152373909931564119074721818031558128472",
                "268073626466142464698582488339761598106",
                "60576286478170979264217474574701990861",
                "181545125096019752107154207273105707661",
                "38000447454215599019127332597737029439",
                "176724620144248558646532710250054475859",
                "213434213063234325886831331946256663769",
                "324616810825149753476480638774717610808",
                "187686626457458521680133081317706413254",
                "204807764090077663238960981154913178136",
                "232452489194604340692876763093442657656",
                "26514887220839944360306579167867727049",
                "97521178736213162070883271714787006285",
                "24403097974548202228234828127342906410",
                "26690837503025482820996585880495513634"
            ]
        }
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.7.2