In the Linux kernel, the following vulnerability has been resolved:
ieee802154: ca8210: Fix a potential UAF in ca8210_probe If
of_clk_add_provider() fails in ca8210_register_ext_clock(), it calls
clk_unregister() to release priv->clk and returns an error. However, the
caller ca8210_probe() then calls ca8210_remove(), where priv->clk is freed
again in ca8210_unregister_ext_clock(). In this case, a use-after-free may
happen in the second time we call clk_unregister(). Fix this by removing
the first clk_unregister(). Also, priv->clk could be an error code on
failure of clk_register_fixed_rate(). Use IS_ERR_OR_NULL to catch this case
in ca8210_unregister_ext_clock().
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws-5.4 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws-6.5 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure-5.15 | < any | UNKNOWN |