CVE-2023-52510

ieee802154: ca8210: Fix a potential UAF in ca8210_probe

Severity Score

7.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: ieee802154: ca8210: Fix a potential UAF in ca8210_probe If of_clk_add_provider() fails in ca8210_register_ext_clock(),
it calls clk_unregister() to release priv->clk and returns an
error. However, the caller ca8210_probe() then calls ca8210_remove(),
where priv->clk is freed again in ca8210_unregister_ext_clock(). In
this case, a use-after-free may happen in the second time we call
clk_unregister(). Fix this by removing the first clk_unregister(). Also, priv->clk could
be an error code on failure of clk_register_fixed_rate(). Use
IS_ERR_OR_NULL to catch this case in ca8210_unregister_ext_clock().

In the Linux kernel, the following vulnerability has been resolved: ieee802154: ca8210: Fix a potential UAF in ca8210_probe If of_clk_add_provider() fails in ca8210_register_ext_clock(), it calls clk_unregister() to release priv->clk and returns an error. However, the caller ca8210_probe() then calls ca8210_remove(), where priv->clk is freed again in ca8210_unregister_ext_clock(). In this case, a use-after-free may happen in the second time we call clk_unregister(). Fix this by removing the first clk_unregister(). Also, priv->clk could be an error code on failure of clk_register_fixed_rate(). Use IS_ERR_OR_NULL to catch this case in ca8210_unregister_ext_clock().

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-20 CVE Reserved
2024-03-02 CVE Published
2024-12-19 CVE Updated
2025-03-29 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/ded845a781a578dfb0b5b2c138e5a067aa3b1242	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/28b68cba378e3e50a4082b65f262bc4f2c7c2add	2023-10-25
https://git.kernel.org/stable/c/cdb46be93c1f7bbf2c4649e9fc5fb147cfb5245d	2023-10-25
https://git.kernel.org/stable/c/85c2857ef90041f567ce98722c1c342c4d31f4bc	2023-10-25
https://git.kernel.org/stable/c/55e06850c7894f00d41b767c5f5665459f83f58f	2023-10-25
https://git.kernel.org/stable/c/84c6aa0ae5c4dc121f9996bb8fed46c80909d80e	2023-10-19
https://git.kernel.org/stable/c/217efe32a45249eb07dcd7197e8403de98345e66	2023-10-19
https://git.kernel.org/stable/c/becf5c147198f4345243c5df0c4f035415491640	2023-10-19
https://git.kernel.org/stable/c/f990874b1c98fe8e57ee9385669f501822979258	2023-10-07

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.12 < 4.14.328 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.12 < 4.14.328"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.12 < 4.19.297 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.12 < 4.19.297"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.12 < 5.4.259 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.12 < 5.4.259"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.12 < 5.10.199 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.12 < 5.10.199"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.12 < 5.15.136 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.12 < 5.15.136"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.12 < 6.1.59 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.12 < 6.1.59"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.12 < 6.5.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.12 < 6.5.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.12 < 6.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.12 < 6.6"		en		Affected