FKIE_CVE-2023-52679

Vulnerability from fkie_nvd - Published: 2024-05-17 15:15 - Updated: 2025-01-10 17:43
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: of: Fix double free in of_parse_phandle_with_args_map In of_parse_phandle_with_args_map() the inner loop that iterates through the map entries calls of_node_put(new) to free the reference acquired by the previous iteration of the inner loop. This assumes that the value of "new" is NULL on the first iteration of the inner loop. Make sure that this is true in all iterations of the outer loop by setting "new" to NULL after its value is assigned to "cur". Extend the unittest to detect the double free and add an additional test case that actually triggers this path.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/26b4d702c44f9e5cf3c5c001ae619a4a001889dbPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4541004084527ce9e95a818ebbc4e6b293ffca21Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4dde83569832f9377362e50f7748463340c5db6bPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a0a061151a6200c13149dbcdb6c065203c8425d2Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b64d09a4e8596f76d27f4b4a90a1cf6baf6a82f8Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b9d760dae5b10e73369b769073525acd7b3be2bdPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/cafa992134124e785609a406da4ff2b54052aff7Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d5f490343c77e6708b6c4aa7dbbfbcbb9546adeaPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/26b4d702c44f9e5cf3c5c001ae619a4a001889dbPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/4541004084527ce9e95a818ebbc4e6b293ffca21Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/4dde83569832f9377362e50f7748463340c5db6bPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/a0a061151a6200c13149dbcdb6c065203c8425d2Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/b64d09a4e8596f76d27f4b4a90a1cf6baf6a82f8Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/b9d760dae5b10e73369b769073525acd7b3be2bdPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/cafa992134124e785609a406da4ff2b54052aff7Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/d5f490343c77e6708b6c4aa7dbbfbcbb9546adeaPatch
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2024/06/msg00016.htmlMailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2024/06/msg00020.htmlMailing List
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
debian debian_linux 10.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC4D8B3F-449D-4567-97A5-EBCD7F5B6877",
              "versionEndExcluding": "4.19.306",
              "versionStartIncluding": "4.17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "991BF737-6083-429B-ACD5-FB27D4143E2F",
              "versionEndExcluding": "5.4.268",
              "versionStartIncluding": "4.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "74979A03-4B10-4815-AE3E-C8C0D2FDAA39",
              "versionEndExcluding": "5.10.209",
              "versionStartIncluding": "5.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED0CDB9-61B0-408E-B2A8-5199107F7868",
              "versionEndExcluding": "5.15.148",
              "versionStartIncluding": "5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "070D0ED3-90D0-4F95-B1FF-57D7F46F332D",
              "versionEndExcluding": "6.1.75",
              "versionStartIncluding": "5.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C6B50A6-3D8B-4CE2-BDCC-A098609CBA14",
              "versionEndExcluding": "6.6.14",
              "versionStartIncluding": "6.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7229C448-E0C9-488B-8939-36BA5254065E",
              "versionEndExcluding": "6.7.2",
              "versionStartIncluding": "6.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nof: Fix double free in of_parse_phandle_with_args_map\n\nIn of_parse_phandle_with_args_map() the inner loop that\niterates through the map entries calls of_node_put(new)\nto free the reference acquired by the previous iteration\nof the inner loop. This assumes that the value of \"new\" is\nNULL on the first iteration of the inner loop.\n\nMake sure that this is true in all iterations of the outer\nloop by setting \"new\" to NULL after its value is assigned to \"cur\".\n\nExtend the unittest to detect the double free and add an additional\ntest case that actually triggers this path."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: of: Solucionado double free en of_parse_phandle_with_args_map En of_parse_phandle_with_args_map() el bucle interno que itera por las entradas del mapa llama a of_node_put(new) para liberar la referencia adquirida por la iteraci\u00f3n anterior del bucle interno . Esto supone que el valor de \"nuevo\" es NULL en la primera iteraci\u00f3n del bucle interno. Aseg\u00farese de que esto sea cierto en todas las iteraciones del bucle externo estableciendo \"nuevo\" en NULL despu\u00e9s de que su valor se asigne a \"cur\". Ampl\u00ede la prueba unitaria para detectar el doble free y agregue un caso de prueba adicional que realmente active esta ruta."
    }
  ],
  "id": "CVE-2023-52679",
  "lastModified": "2025-01-10T17:43:16.480",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-05-17T15:15:19.207",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/26b4d702c44f9e5cf3c5c001ae619a4a001889db"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/4541004084527ce9e95a818ebbc4e6b293ffca21"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/4dde83569832f9377362e50f7748463340c5db6b"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/a0a061151a6200c13149dbcdb6c065203c8425d2"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/b64d09a4e8596f76d27f4b4a90a1cf6baf6a82f8"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/b9d760dae5b10e73369b769073525acd7b3be2bd"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/cafa992134124e785609a406da4ff2b54052aff7"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/d5f490343c77e6708b6c4aa7dbbfbcbb9546adea"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/26b4d702c44f9e5cf3c5c001ae619a4a001889db"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/4541004084527ce9e95a818ebbc4e6b293ffca21"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/4dde83569832f9377362e50f7748463340c5db6b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/a0a061151a6200c13149dbcdb6c065203c8425d2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/b64d09a4e8596f76d27f4b4a90a1cf6baf6a82f8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/b9d760dae5b10e73369b769073525acd7b3be2bd"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/cafa992134124e785609a406da4ff2b54052aff7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/d5f490343c77e6708b6c4aa7dbbfbcbb9546adea"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-415"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.