Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2023-52584

UNKNOWN
Published 2024-03-06T06:45:19.847Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-52584. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
3.8
/10
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14
0.001
probability
of exploitation in the wild

There is a 0.1% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.162
Higher than 16.2% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED

Impact Metrics

Confidentiality
LOW
Integrity
LOW
Availability
NONE

Description

In the Linux kernel, the following vulnerability has been resolved:

spmi: mediatek: Fix UAF on device remove

The pmif driver data that contains the clocks is allocated along with
spmi_controller.
On device remove, spmi_controller will be freed first, and then devres
, including the clocks, will be cleanup.
This leads to UAF because putting the clocks will access the clocks in
the pmif driver data, which is already freed along with spmi_controller.

This can be reproduced by enabling DEBUG_TEST_DRIVER_REMOVE and
building the kernel with KASAN.

Fix the UAF issue by using unmanaged clk_bulk_get() and putting the
clocks before freeing spmi_controller.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Linux

Linux

Affected Versions:

b45b3ccef8c063d21eb746d85337eaf71f6b5f07 b45b3ccef8c063d21eb746d85337eaf71f6b5f07 b45b3ccef8c063d21eb746d85337eaf71f6b5f07 b45b3ccef8c063d21eb746d85337eaf71f6b5f07
Linux

Linux

Affected Versions:

5.17 0 6.1.77 6.6.16 6.7.4 6.8
linux

kernel

Affected Versions:

1da177e4c3f4 1da177e4c3f4 1da177e4c3f4 1da177e4c3f4 6.1.77 6.6.16 6.7.4 6.8

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed LOW

GHSA-jmmm-pcpp-rrc4

Advisory Details

In the Linux kernel, the following vulnerability has been resolved: spmi: mediatek: Fix UAF on device remove The pmif driver data that contains the clocks is allocated along with spmi_controller. On device remove, spmi_controller will be freed first, and then devres , including the clocks, will be cleanup. This leads to UAF because putting the clocks will access the clocks in the pmif driver data, which is already freed along with spmi_controller. This can be reproduced by enabling DEBUG_TEST_DRIVER_REMOVE and building the kernel with KASAN. Fix the UAF issue by using unmanaged clk_bulk_get() and putting the clocks before freeing spmi_controller.

CVSS Scoring

CVSS Score

2.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-52584
WEB https://git.kernel.org/stable/c/521f28eedd6b14228c46e3b81e3bf9b90c2818d8
WEB https://git.kernel.org/stable/c/9a3881b1f07db1bb55cb0108e6f05cfd027eaf2e
WEB https://git.kernel.org/stable/c/e821d50ab5b956ed0effa49faaf29912fd4106d9
WEB https://git.kernel.org/stable/c/f8dcafcb54632536684336161da8bdd52120f95e

Advisory provided by GitHub Security Advisory Database. Published: March 6, 2024, Modified: August 6, 2024

References

https://git.kernel.org/stable/c/521f28eedd6b14228c46e3b81e3bf9b90c2818d8
https://git.kernel.org/stable/c/f8dcafcb54632536684336161da8bdd52120f95e
https://git.kernel.org/stable/c/9a3881b1f07db1bb55cb0108e6f05cfd027eaf2e
https://git.kernel.org/stable/c/e821d50ab5b956ed0effa49faaf29912fd4106d9
Published: 2024-03-06T06:45:19.847Z
Last Modified: 2025-06-19T13:10:54.479Z
Copied to clipboard!