CVE-2023-52584 Information

Mar 07, 2024 cve

Description

In the Linux kernel the following vulnerability has been resolved:

spmi: mediatek: Fix UAF on device remove

The pmif driver data that contains the clocks is allocated along with spmi_controller. On device remove spmi_controller will be freed first and then devres including the clocks will be cleanup. This leads to UAF because putting the clocks will access the clocks in the pmif driver data which is already freed along with spmi_controller.

This can be reproduced by enabling DEBUG_TEST_DRIVER_REMOVE and building the kernel with KASAN.

Fix the UAF issue by using unmanaged clk_bulk_get() and putting the clocks before freeing spmi_controller.

Reference

https://git.kernel.org/stable/c/521f28eedd6b14228c46e3b81e3bf9b90c2818d8 https://git.kernel.org/stable/c/f8dcafcb54632536684336161da8bdd52120f95e https://git.kernel.org/stable/c/9a3881b1f07db1bb55cb0108e6f05cfd027eaf2e https://git.kernel.org/stable/c/e821d50ab5b956ed0effa49faaf29912fd4106d9

Share on: