cve-2023-52473
Vulnerability from cvelistv5
Published
2024-02-25 08:16
Modified
2024-11-04 14:47
Severity ?
Summary
thermal: core: Fix NULL pointer dereference in zone registration error path
Impacted products
LinuxLinux
LinuxLinux
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52473",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-28T17:02:01.299999Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-28T17:02:09.319Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:03:19.761Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/335176dd8ebaca6493807dceea33c478305667fa"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/02871710b93058eb1249d5847c0b2d1c2c3c98ae"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/04e6ccfc93c5a1aa1d75a537cf27e418895e20ea"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/thermal/thermal_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "335176dd8eba",
              "status": "affected",
              "version": "3d439b1a2ad3",
              "versionType": "git"
            },
            {
              "lessThan": "02871710b930",
              "status": "affected",
              "version": "3d439b1a2ad3",
              "versionType": "git"
            },
            {
              "lessThan": "04e6ccfc93c5",
              "status": "affected",
              "version": "3d439b1a2ad3",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/thermal/thermal_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.4"
            },
            {
              "lessThan": "6.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: core: Fix NULL pointer dereference in zone registration error path\n\nIf device_register() in thermal_zone_device_register_with_trips()\nreturns an error, the tz variable is set to NULL and subsequently\ndereferenced in kfree(tz-\u003etzp).\n\nCommit adc8749b150c (\"thermal/drivers/core: Use put_device() if\ndevice_register() fails\") added the tz = NULL assignment in question to\navoid a possible double-free after dropping the reference to the zone\ndevice.  However, after commit 4649620d9404 (\"thermal: core: Make\nthermal_zone_device_unregister() return after freeing the zone\"), that\nassignment has become redundant, because dropping the reference to the\nzone device does not cause the zone object to be freed any more.\n\nDrop it to address the NULL pointer dereference."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-04T14:47:30.546Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/335176dd8ebaca6493807dceea33c478305667fa"
        },
        {
          "url": "https://git.kernel.org/stable/c/02871710b93058eb1249d5847c0b2d1c2c3c98ae"
        },
        {
          "url": "https://git.kernel.org/stable/c/04e6ccfc93c5a1aa1d75a537cf27e418895e20ea"
        }
      ],
      "title": "thermal: core: Fix NULL pointer dereference in zone registration error path",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52473",
    "datePublished": "2024-02-25T08:16:35.551Z",
    "dateReserved": "2024-02-20T12:30:33.298Z",
    "dateUpdated": "2024-11-04T14:47:30.546Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-52473\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-02-26T16:27:48.977\",\"lastModified\":\"2024-04-17T18:30:15.123\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nthermal: core: Fix NULL pointer dereference in zone registration error path\\n\\nIf device_register() in thermal_zone_device_register_with_trips()\\nreturns an error, the tz variable is set to NULL and subsequently\\ndereferenced in kfree(tz-\u003etzp).\\n\\nCommit adc8749b150c (\\\"thermal/drivers/core: Use put_device() if\\ndevice_register() fails\\\") added the tz = NULL assignment in question to\\navoid a possible double-free after dropping the reference to the zone\\ndevice.  However, after commit 4649620d9404 (\\\"thermal: core: Make\\nthermal_zone_device_unregister() return after freeing the zone\\\"), that\\nassignment has become redundant, because dropping the reference to the\\nzone device does not cause the zone object to be freed any more.\\n\\nDrop it to address the NULL pointer dereference.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Thermal: Core: corrige la desreferencia del puntero NULL en la ruta del error de registro de zona. Si device_register() en Thermal_zone_device_register_with_trips() devuelve un error, la variable tz se establece en NULL y posteriormente se desreferencia en kfree( tz-\u0026gt;tzp). el commit adc8749b150c (\\\"thermal/drivers/core: use put_device() si falla el dispositivo_register()\\\") agreg\u00f3 la asignaci\u00f3n tz = NULL en cuesti\u00f3n para evitar una posible doble liberaci\u00f3n despu\u00e9s de eliminar la referencia al dispositivo de zona. Sin embargo, despu\u00e9s de el commit 4649620d9404 (\\\"thermal: core: Make Thermal_zone_device_unregister() return despu\u00e9s de liberar la zona\\\"), esa asignaci\u00f3n se ha vuelto redundante, porque eliminar la referencia al dispositivo de zona ya no causa que el objeto de zona se libere m\u00e1s. Su\u00e9ltelo para abordar la desreferencia del puntero NULL.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.4.0\",\"versionEndExcluding\":\"6.6.14\",\"matchCriteriaId\":\"686183E6-D5C3-4A5B-9A18-8E3B4294EA6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7.0\",\"versionEndExcluding\":\"6.7.2\",\"matchCriteriaId\":\"0EA3778C-730B-464C-8023-18CA6AC0B807\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/02871710b93058eb1249d5847c0b2d1c2c3c98ae\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/04e6ccfc93c5a1aa1d75a537cf27e418895e20ea\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/335176dd8ebaca6493807dceea33c478305667fa\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.