Linux · Linux Kernel · CVE-2023-52468
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions prior to 6.6.0-mainline-maybe-dirty #1
**Description**
The issue is a use-after-free vulnerability in the `class_register()` function. The `lock_class_key` is still registered and can be found in the `lock_keys_hash` hlist after `subsys_private` is freed in the error handler path. A task that later iterates over `lock_keys_hash` may cause a use-after-free. The vulnerability can be exploited if `lockdep` is enabled, which is not true for normal systems. With KASAN enabled, it prints an invalid-access bug report.
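The ordering problem described above, as an added userspace model that is not kernel code and not taken from the advisory: a key embedded in an object stays on a global list when the error path frees the object. The struct layouts, helper names, and the unregister-before-free ordering shown as the corrected form are assumptions for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>

/* Userspace model: names mirror the advisory's, layouts are assumed. */
struct lock_class_key { struct lock_class_key *next; };
struct subsys_private { char name[16]; struct lock_class_key lock_key; };
static struct lock_class_key *lock_keys_hash; /* one bucket standing in for the hlist */

static void register_key(struct lock_class_key *k) {
    k->next = lock_keys_hash;
    lock_keys_hash = k;
}

static void unregister_key(struct lock_class_key *k) {
    for (struct lock_class_key **pp = &lock_keys_hash; *pp; pp = &(*pp)->next)
        if (*pp == k) { *pp = k->next; return; }
}

/* Count registered keys located inside [start, start + len). */
static int keys_in_range(const void *start, size_t len) {
    uintptr_t lo = (uintptr_t)start, hi = lo + len;
    int n = 0;
    for (struct lock_class_key *k = lock_keys_hash; k; k = k->next)
        if ((uintptr_t)k >= lo && (uintptr_t)k < hi) n++;
    return n;
}

/* Models a registration whose later step fails. Returns how many keys are
 * still listed inside the object at the moment it is freed; nonzero means a
 * later walk of the list would read freed memory. */
static int class_register_fail_model(int unregister_on_error) {
    struct subsys_private *cp = calloc(1, sizeof(*cp));
    if (!cp) return -1;
    register_key(&cp->lock_key);
    /* constructed failure: a later setup step fails here */
    if (unregister_on_error)
        unregister_key(&cp->lock_key);      /* corrected ordering (assumed) */
    int stale = keys_in_range(cp, sizeof(*cp));
    if (stale) unregister_key(&cp->lock_key); /* model only: keep the list valid */
    free(cp);
    return stale;
}

int main(void) {
    printf("free without unregister: %d stale key(s)\n", class_register_fail_model(0));
    printf("free after unregister:   %d stale key(s)\n", class_register_fail_model(1));
    return 0;
}
```

The range check before `free()` is the invariant to look for when reviewing similar error paths: no globally registered object may live inside memory that is about to be released.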
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.