Wind River Support Network

Not to be fixed

LIN1021-7614 : Security Advisory - linux - CVE-2023-52510

Created: Mar 2, 2024    Updated: Apr 11, 2024
Resolved Date: Apr 11, 2024
Found In Version:
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Kernel


In the Linux kernel, the following vulnerability has been resolved:

ieee802154: ca8210: Fix a potential UAF in ca8210_probe

If of_clk_add_provider() fails in ca8210_register_ext_clock(),
it calls clk_unregister() to release priv->clk and returns an
error. However, the caller ca8210_probe() then calls ca8210_remove(),
where priv->clk is freed again in ca8210_unregister_ext_clock(). In
this case, a use-after-free may happen in the second time we call

Fix this by removing the first clk_unregister(). Also, priv->clk could
be an error code on failure of clk_register_fixed_rate(). Use
IS_ERR_OR_NULL to catch this case in ca8210_unregister_ext_clock().

CREATE(Triage):(User=admin) CVE-2023-52510 (
Live chat