CVE-2023-52679Double Free in Linux

CWE-415Double Free22 documents7 sources
Severity
7.8HIGHNVD
OSV7.5
EPSS
0.0%
top 98.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedMay 17
Latest updateJun 26

Description

In the Linux kernel, the following vulnerability has been resolved: of: Fix double free in of_parse_phandle_with_args_map In of_parse_phandle_with_args_map() the inner loop that iterates through the map entries calls of_node_put(new) to free the reference acquired by the previous iteration of the inner loop. This assumes that the value of "new" is NULL on the first iteration of the inner loop. Make sure that this is true in all iterations of the outer loop by setting "new" to NULL after its v

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

NVDlinux/linux_kernel4.174.19.306+6
Debianlinux/linux_kernel< 5.10.209-1+3
CVEListV5linux/linuxbd6f2fd5a1d52198468c5cdc3c2472362dff5aaa26b4d702c44f9e5cf3c5c001ae619a4a001889db+8
debiandebian/linux< linux 6.1.76-1 (bookworm)

Also affects: Debian Linux 10.0

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

10
OSV
linux-oracle-6.5 vulnerabilities2024-06-26
OSV
linux-hwe-6.5 vulnerabilities2024-06-18
OSV
linux-nvidia-6.5 vulnerabilities2024-06-14
OSV
linux-oem-6.5 vulnerabilities2024-06-12
OSV
linux-aws, linux-oracle vulnerabilities2024-06-11

📋Vendor Advisories

10
Ubuntu
Linux kernel (Oracle) vulnerabilities2024-06-26
Ubuntu
Linux kernel (HWE) vulnerabilities2024-06-18
Ubuntu
Linux kernel (NVIDIA) vulnerabilities2024-06-14
Ubuntu
Linux kernel (OEM) vulnerabilities2024-06-12
Ubuntu
Linux kernel vulnerabilities2024-06-11

💬Community

1
Bugzilla
CVE-2023-52679 kernel: of: Fix double free in of_parse_phandle_with_args_map2024-05-18