CVE-2023-52469 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: drivers/amd/pm: fix a use-after-free in kv_parse_power_table When ps allocated by kzalloc equals to NULL, kv_parse_power_table frees adev->pm.dpm.ps that allocated before. However, after the control flow goes through the following call chains: kv_parse_power_table |-> kv_dpm_init |-> kv_dpm_sw_init |-> kv_dpm_fini The adev->pm.dpm.ps is used in the for loop of kv_dpm_fini after its first free in kv_parse_power_table and causes a use-after-free bug.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

References

Link	Resource
https://git.kernel.org/stable/c/28dd788382c43b330480f57cd34cde0840896743	Patch
https://git.kernel.org/stable/c/3426f059eacc33ecc676b0d66539297e1cfafd02	Patch
https://git.kernel.org/stable/c/35fa2394d26e919f63600ce631e6aefc95ec2706	Patch
https://git.kernel.org/stable/c/520e213a0b97b64735a13950e9371e0a5d7a5dc3	Patch
https://git.kernel.org/stable/c/8a27d9d9fc9b5564b8904c3a77a7dea482bfa34e	Patch
https://git.kernel.org/stable/c/8b55b06e737feb2a645b0293ea27e38418876d63	Patch
https://git.kernel.org/stable/c/95084632a65d5c0d682a83b55935560bdcd2a1e3	Patch
https://git.kernel.org/stable/c/b6dcba02ee178282e0d28684d241e0b8462dea6a	Patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Linux

Published: 2024-02-25T08:16:33.016Z

Updated: 2024-05-28T19:50:00.874Z

Reserved: 2024-02-20T12:30:33.297Z

Link: CVE-2023-52469

JSON object: View

NVD Information

Status : Modified

Published: 2024-02-26T16:27:48.767

Modified: 2024-06-27T13:15:53.007

Link: CVE-2023-52469

JSON object: View

Redhat Information

No data.

CWE

CWE-416

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2023-52469", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-20T12:30:33.297Z", "datePublished": "2024-02-25T08:16:33.016Z", "dateUpdated": "2024-05-28T19:50:00.874Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-28T19:50:00.874Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/amd/pm: fix a use-after-free in kv_parse_power_table\n\nWhen ps allocated by kzalloc equals to NULL, kv_parse_power_table\nfrees adev->pm.dpm.ps that allocated before. However, after the control\nflow goes through the following call chains:\n\nkv_parse_power_table\n |-> kv_dpm_init\n |-> kv_dpm_sw_init\n\t |-> kv_dpm_fini\n\nThe adev->pm.dpm.ps is used in the for loop of kv_dpm_fini after its\nfirst free in kv_parse_power_table and causes a use-after-free bug."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/pm/legacy-dpm/kv_dpm.c"], "versions": [{"version": "a2e73f56fa62", "lessThan": "8a27d9d9fc9b", "status": "affected", "versionType": "git"}, {"version": "a2e73f56fa62", "lessThan": "8b55b06e737f", "status": "affected", "versionType": "git"}, {"version": "a2e73f56fa62", "lessThan": "520e213a0b97", "status": "affected", "versionType": "git"}, {"version": "a2e73f56fa62", "lessThan": "b6dcba02ee17", "status": "affected", "versionType": "git"}, {"version": "a2e73f56fa62", "lessThan": "35fa2394d26e", "status": "affected", "versionType": "git"}, {"version": "a2e73f56fa62", "lessThan": "95084632a65d", "status": "affected", "versionType": "git"}, {"version": "a2e73f56fa62", "lessThan": "3426f059eacc", "status": "affected", "versionType": "git"}, {"version": "a2e73f56fa62", "lessThan": "28dd788382c4", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/pm/legacy-dpm/kv_dpm.c"], "versions": [{"version": "4.2", "status": "affected"}, {"version": "0", "lessThan": "4.2", "status": "unaffected", "versionType": "custom"}, {"version": "4.19.306", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.268", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.209", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.148", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.75", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.14", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.7.2", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/8a27d9d9fc9b5564b8904c3a77a7dea482bfa34e"}, {"url": "https://git.kernel.org/stable/c/8b55b06e737feb2a645b0293ea27e38418876d63"}, {"url": "https://git.kernel.org/stable/c/520e213a0b97b64735a13950e9371e0a5d7a5dc3"}, {"url": "https://git.kernel.org/stable/c/b6dcba02ee178282e0d28684d241e0b8462dea6a"}, {"url": "https://git.kernel.org/stable/c/35fa2394d26e919f63600ce631e6aefc95ec2706"}, {"url": "https://git.kernel.org/stable/c/95084632a65d5c0d682a83b55935560bdcd2a1e3"}, {"url": "https://git.kernel.org/stable/c/3426f059eacc33ecc676b0d66539297e1cfafd02"}, {"url": "https://git.kernel.org/stable/c/28dd788382c43b330480f57cd34cde0840896743"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}], "title": "drivers/amd/pm: fix a use-after-free in kv_parse_power_table", "x_generator": {"engine": "bippy-a5840b7849dd"}}}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "70CC102A-02F0-48B6-BEE8-3547C9651B25", "versionEndExcluding": "4.19.306", "versionStartIncluding": "4.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "35ADF607-EDCA-45AB-8FB6-9F2D40D47C0C", "versionEndExcluding": "5.4.268", "versionStartIncluding": "4.20.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D2E4F24-2FBB-4434-8598-2B1499E566B5", "versionEndExcluding": "5.10.209", "versionStartIncluding": "5.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E25E1389-4B0F-407A-9C94-5908FF3EE88B", "versionEndExcluding": "5.15.148", "versionStartIncluding": "5.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C4951FA-80C0-4B4C-9836-6E5035DEB0F9", "versionEndExcluding": "6.1.75", "versionStartIncluding": "5.16.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BDBBEB0E-D13A-4567-8984-51C5375350B9", "versionEndExcluding": "6.6.14", "versionStartIncluding": "6.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0EA3778C-730B-464C-8023-18CA6AC0B807", "versionEndExcluding": "6.7.2", "versionStartIncluding": "6.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/amd/pm: fix a use-after-free in kv_parse_power_table\n\nWhen ps allocated by kzalloc equals to NULL, kv_parse_power_table\nfrees adev->pm.dpm.ps that allocated before. However, after the control\nflow goes through the following call chains:\n\nkv_parse_power_table\n |-> kv_dpm_init\n |-> kv_dpm_sw_init\n\t |-> kv_dpm_fini\n\nThe adev->pm.dpm.ps is used in the for loop of kv_dpm_fini after its\nfirst free in kv_parse_power_table and causes a use-after-free bug."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drivers/amd/pm: corrige un use-after-free en kv_parse_power_table Cuando ps asignado por kzalloc es igual a NULL, kv_parse_power_table libera adev->pm.dpm.ps que se asign\u00f3 antes. Sin embargo, despu\u00e9s de que el flujo de control pasa por las siguientes cadenas de llamadas: kv_parse_power_table |-> kv_dpm_init |-> kv_dpm_sw_init |-> kv_dpm_fini El adev->pm.dpm.ps se usa en el bucle for de kv_dpm_fini despu\u00e9s de su primera liberaci\u00f3n en kv_parse_power_table y provoca un error de use-after-free."}], "id": "CVE-2023-52469", "lastModified": "2024-06-27T13:15:53.007", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-26T16:27:48.767", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/28dd788382c43b330480f57cd34cde0840896743"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3426f059eacc33ecc676b0d66539297e1cfafd02"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/35fa2394d26e919f63600ce631e6aefc95ec2706"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/520e213a0b97b64735a13950e9371e0a5d7a5dc3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8a27d9d9fc9b5564b8904c3a77a7dea482bfa34e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8b55b06e737feb2a645b0293ea27e38418876d63"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/95084632a65d5c0d682a83b55935560bdcd2a1e3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b6dcba02ee178282e0d28684d241e0b8462dea6a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}