Bugzilla – Bug 1221079
VUL-0: CVE-2023-52584: kernel: spmi: mediatek: Fix UAF on device remove
Last modified: 2024-06-25 18:19:02 UTC
In the Linux kernel, the following vulnerability has been resolved:

spmi: mediatek: Fix UAF on device remove

The pmif driver data that contains the clocks is allocated along with spmi_controller. On device remove, spmi_controller will be freed first, and then devres, including the clocks, will be cleaned up. This leads to UAF because putting the clocks will access the clocks in the pmif driver data, which is already freed along with spmi_controller.

This can be reproduced by enabling DEBUG_TEST_DRIVER_REMOVE and building the kernel with KASAN.

Fix the UAF issue by using unmanaged clk_bulk_get() and putting the clocks before freeing spmi_controller.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52584
https://www.cve.org/CVERecord?id=CVE-2023-52584
https://lore.kernel.org/linux-cve-announce/2024030643-CVE-2023-52584-fb9a@gregkh/

Patch:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=e821d50ab5b9
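Added example, not part of the bug report or the kernel patch: a user-space C model of the teardown order described above, comparing a managed (devres) clock put with an unmanaged put done before the controller is freed. All type and function names are hypothetical, and the free is tracked with a flag so the stale access is counted rather than performed.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model; all names are hypothetical, none are kernel API. */
struct pmif { int clks_held; };                /* driver data with the clocks */
struct ctrl { bool freed; struct pmif priv; }; /* priv shares the controller's allocation */
typedef void (*release_fn)(struct ctrl *c, int *uaf);
struct dev {
    struct ctrl c;
    release_fn devres[4];   /* managed actions, released after remove() in reverse order */
    int ndevres;
    int uaf;                /* accesses to priv after the controller was freed */
};

/* Putting the clocks has to read the clock data stored in priv. */
static void put_clocks(struct ctrl *c, int *uaf)
{
    if (c->freed) { (*uaf)++; return; }  /* the access KASAN would flag */
    c->priv.clks_held = 0;
}

static void probe(struct dev *d, bool managed_clocks)
{
    /* Constructed state: two clocks held, nothing registered yet. */
    *d = (struct dev){ .c = { .freed = false, .priv = { .clks_held = 2 } } };
    if (managed_clocks)                  /* models a managed (devres) clock get */
        d->devres[d->ndevres++] = put_clocks;
}

/* Device removal model: the driver's remove step first, devres release second. */
int run_model(bool managed_clocks)
{
    struct dev d;
    probe(&d, managed_clocks);
    if (!managed_clocks)                 /* fixed order: put clocks before the free */
        put_clocks(&d.c, &d.uaf);
    d.c.freed = true;                    /* remove step frees the controller */
    while (d.ndevres > 0)                /* devres cleanup runs only now */
        d.devres[--d.ndevres](&d.c, &d.uaf);
    return d.uaf;
}

int main(void)
{
    printf("managed: %d stale access(es), unmanaged: %d\n", run_model(true), run_model(false));
    return 0;
}
```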
Already patched:
-stable
-SLE15-SP6

@kernel-bugs could you add the CVE reference?
Driver is first enabled/compiled in SLE15-SP6. No affected branches. Back to security team.
Closing