CVE-2023-52679

of: Fix double free in of_parse_phandle_with_args_map

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

of: Fix double free in of_parse_phandle_with_args_map

In of_parse_phandle_with_args_map() the inner loop that
iterates through the map entries calls of_node_put(new)
to free the reference acquired by the previous iteration
of the inner loop. This assumes that the value of "new" is
NULL on the first iteration of the inner loop.

Make sure that this is true in all iterations of the outer
loop by setting "new" to NULL after its value is assigned to "cur".

Extend the unittest to detect the double free and add an additional
test case that actually triggers this path.

En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: of: Solucionado double free en of_parse_phandle_with_args_map En of_parse_phandle_with_args_map() el bucle interno que itera por las entradas del mapa llama a of_node_put(new) para liberar la referencia adquirida por la iteración anterior del bucle interno . Esto supone que el valor de "nuevo" es NULL en la primera iteración del bucle interno. Asegúrese de que esto sea cierto en todas las iteraciones del bucle externo estableciendo "nuevo" en NULL después de que su valor se asigne a "cur". Amplíe la prueba unitaria para detectar el doble free y agregue un caso de prueba adicional que realmente active esta ruta.

*Credits: N/A

CVSS Scores

Red Hatv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-07 CVE Reserved
2024-05-17 CVE Published
2024-05-18 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (13)

URL	Tag	Source
https://git.kernel.org/stable/c/bd6f2fd5a1d52198468c5cdc3c2472362dff5aaa	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/26b4d702c44f9e5cf3c5c001ae619a4a001889db	2024-01-25
https://git.kernel.org/stable/c/a0a061151a6200c13149dbcdb6c065203c8425d2	2024-01-25
https://git.kernel.org/stable/c/d5f490343c77e6708b6c4aa7dbbfbcbb9546adea	2024-01-25
https://git.kernel.org/stable/c/4541004084527ce9e95a818ebbc4e6b293ffca21	2024-01-25
https://git.kernel.org/stable/c/b9d760dae5b10e73369b769073525acd7b3be2bd	2024-01-25
https://git.kernel.org/stable/c/b64d09a4e8596f76d27f4b4a90a1cf6baf6a82f8	2024-01-25
https://git.kernel.org/stable/c/cafa992134124e785609a406da4ff2b54052aff7	2024-01-25
https://git.kernel.org/stable/c/4dde83569832f9377362e50f7748463340c5db6b	2024-01-09

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2023-52679	2024-08-08
https://bugzilla.redhat.com/show_bug.cgi?id=2281326	2024-08-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.17 < 4.19.306 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.17 < 4.19.306"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.17 < 5.4.268 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.17 < 5.4.268"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.17 < 5.10.209 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.17 < 5.10.209"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.17 < 5.15.148 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.17 < 5.15.148"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.17 < 6.1.75 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.17 < 6.1.75"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.17 < 6.6.14 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.17 < 6.6.14"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.17 < 6.7.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.17 < 6.7.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.17 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.17 < 6.8"		en		Affected