CVE-2023-52584

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free (UAF) issue has been resolved in the Linux kernel. The pmif driver data, which contains clocks, is allocated along with spmi controller. When a device is removed, spmi controller is freed first, followed by the cleanup of devres, including the clocks. This leads to a UAF because the clocks are accessed after spmi controller has been freed. The issue can be reproduced by enabling DEBUG TEST DRIVER REMOVE and building the kernel with KASAN. The fix involves using unmanaged clk bulk get() and putting the clocks before freeing spmi controller.

Recommendations To resolve the issue, use unmanaged clk bulk get() and put the clocks before freeing spmi controller. As a temporary workaround, consider disabling the spmi: mediatek driver until a patch is available. Restrict access to the vulnerable spmi controller to minimize the risk of exploitation. Avoid using the devres cleanup function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.