PT-2025-49745 · Linux · Linux Kernel

Published 2025-12-09 · Updated 2025-12-10 · CVE-2023-53854


No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The Linux kernel contains a flaw in the ASoC mediatek mt8186 driver related to the order of function calls during device removal. Specifically, mt8186_init_clock() calls mt8186_audsys_clk_register() and then uses devm functions. The matching cleanup function, mt8186_deinit_clock(), was registered via devm_add_action_or_reset() and therefore ran in the wrong order during removal, leading to a use-after-free. The root cause was incorrect handling of devm (device-managed) resources together with custom cleanup hooked in through devm_add_action_or_reset(). The incorrect order of operations during removal was: unregistering the clock, freeing the clock entries, and then freeing the clock pointer. Correcting the devm usage resolves the use-after-free and also fixes a memory leak that would have occurred if the syscon_regmap_lookup_by_phandle() calls in mt8186_init_clock() had failed.
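As an added illustration, not code from the kernel or from this advisory, the userspace C model below mimics the LIFO unwinding of the devres list and shows why a cleanup action registered before the resources it touches runs only after they have been freed, and why registering it after them avoids that. All names (simulate_remove, clk_deinit_action, the clk_ptr/clk_entries objects) are hypothetical stand-ins, not the mt8186 driver's own.

```c
#include <stdlib.h>
/* Simplified model of the kernel's devres list: each devm_* allocation or
 * devm_add_action_or_reset() pushes an entry; driver removal unwinds the
 * list last-registered-first (LIFO). */
struct devres { void (*release)(void *); void *data; };
struct device { struct devres res[8]; int n; };

/* Model allocation: flagged rather than really freed, so a use-after-free
 * is observable instead of undefined behaviour. */
struct alloc { int freed; };
static void release_alloc(void *p) { ((struct alloc *)p)->freed = 1; }
static struct alloc *devm_alloc_model(struct device *dev)
{
    struct alloc *a = calloc(1, sizeof(*a));
    dev->res[dev->n++] = (struct devres){ release_alloc, a };
    return a;
}
static void devm_add_action_model(struct device *dev, void (*fn)(void *), void *d)
{ dev->res[dev->n++] = (struct devres){ fn, d }; }
static void devres_release_all(struct device *dev)
{
    while (dev->n > 0) {                 /* newest entry released first */
        struct devres *r = &dev->res[--dev->n];
        r->release(r->data);
    }
}

/* Hypothetical clock bookkeeping the deinit action walks on removal. */
struct clk_state { struct alloc *clk_ptr, *clk_entries; int uaf_hits; };
static void clk_deinit_action(void *p)
{
    struct clk_state *s = p;             /* "unregister" touches both objects */
    s->uaf_hits += s->clk_ptr->freed + s->clk_entries->freed;
}

/* Probe then remove. A deinit action registered before the allocations it
 * depends on runs after they are freed (use-after-free); registered after
 * them, it runs first. Returns the number of accesses to freed objects. */
int simulate_remove(int deinit_registered_first)
{
    struct device dev = {0};
    struct clk_state s = {0};
    if (deinit_registered_first)
        devm_add_action_model(&dev, clk_deinit_action, &s);
    s.clk_ptr = devm_alloc_model(&dev);
    s.clk_entries = devm_alloc_model(&dev);
    if (!deinit_registered_first)
        devm_add_action_model(&dev, clk_deinit_action, &s);
    devres_release_all(&dev);
    free(s.clk_ptr); free(s.clk_entries);
    return s.uaf_hits;                   /* 2 for the buggy order, 0 when fixed */
}
```

In the real kernel the equivalent ordering mistake is caught at runtime by KASAN, which is the practical way to confirm such a fix on hardware.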
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Related Identifiers

CVE-2023-53854

Affected Products

ASoC Mediatek MT8186
Linux Kernel