| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 2 Mar 2024 22:52:55 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2023-52510: ieee802154: ca8210: Fix a potential UAF in ca8210_probe Description =========== In the Linux kernel, the following vulnerability has been resolved: ieee802154: ca8210: Fix a potential UAF in ca8210_probe If of_clk_add_provider() fails in ca8210_register_ext_clock(), it calls clk_unregister() to release priv->clk and returns an error. However, the caller ca8210_probe() then calls ca8210_remove(), where priv->clk is freed again in ca8210_unregister_ext_clock(). In this case, a use-after-free may happen in the second time we call clk_unregister(). Fix this by removing the first clk_unregister(). Also, priv->clk could be an error code on failure of clk_register_fixed_rate(). Use IS_ERR_OR_NULL to catch this case in ca8210_unregister_ext_clock(). The Linux kernel CVE team has assigned CVE-2023-52510 to this issue. Affected and fixed versions =========================== Issue introduced in 4.12 with commit ded845a781a5 and fixed in 4.14.328 with commit 28b68cba378e Issue introduced in 4.12 with commit ded845a781a5 and fixed in 4.19.297 with commit cdb46be93c1f Issue introduced in 4.12 with commit ded845a781a5 and fixed in 5.4.259 with commit 85c2857ef900 Issue introduced in 4.12 with commit ded845a781a5 and fixed in 5.10.199 with commit 55e06850c789 Issue introduced in 4.12 with commit ded845a781a5 and fixed in 5.15.136 with commit 84c6aa0ae5c4 Issue introduced in 4.12 with commit ded845a781a5 and fixed in 6.1.59 with commit 217efe32a452 Issue introduced in 4.12 with commit ded845a781a5 and fixed in 6.5.8 with commit becf5c147198 Issue introduced in 4.12 with commit ded845a781a5 and fixed in 6.6 with commit f990874b1c98 Please see https://www.kernel.org or a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-52510 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/ieee802154/ca8210.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/28b68cba378e3e50a4082b65f262bc4f2c7c2add https://git.kernel.org/stable/c/cdb46be93c1f7bbf2c4649e9fc5fb147cfb5245d https://git.kernel.org/stable/c/85c2857ef90041f567ce98722c1c342c4d31f4bc https://git.kernel.org/stable/c/55e06850c7894f00d41b767c5f5665459f83f58f https://git.kernel.org/stable/c/84c6aa0ae5c4dc121f9996bb8fed46c80909d80e https://git.kernel.org/stable/c/217efe32a45249eb07dcd7197e8403de98345e66 https://git.kernel.org/stable/c/becf5c147198f4345243c5df0c4f035415491640 https://git.kernel.org/stable/c/f990874b1c98fe8e57ee9385669f501822979258
Powered by blists - more mailing lists