CVE-2023-52473

{"id": "CVE-2023-52473", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-02-26T16:27:48.977", "references": [{"url": "https://git.kernel.org/stable/c/02871710b93058eb1249d5847c0b2d1c2c3c98ae", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/04e6ccfc93c5a1aa1d75a537cf27e418895e20ea", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/335176dd8ebaca6493807dceea33c478305667fa", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: core: Fix NULL pointer dereference in zone registration error path\n\nIf device_register() in thermal_zone_device_register_with_trips()\nreturns an error, the tz variable is set to NULL and subsequently\ndereferenced in kfree(tz->tzp).\n\nCommit adc8749b150c (\"thermal/drivers/core: Use put_device() if\ndevice_register() fails\") added the tz = NULL assignment in question to\navoid a possible double-free after dropping the reference to the zone\ndevice. However, after commit 4649620d9404 (\"thermal: core: Make\nthermal_zone_device_unregister() return after freeing the zone\"), that\nassignment has become redundant, because dropping the reference to the\nzone device does not cause the zone object to be freed any more.\n\nDrop it to address the NULL pointer dereference."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Thermal: Core: corrige la desreferencia del puntero NULL en la ruta del error de registro de zona. Si device_register() en Thermal_zone_device_register_with_trips() devuelve un error, la variable tz se establece en NULL y posteriormente se desreferencia en kfree( tz->tzp). el commit adc8749b150c (\"thermal/drivers/core: use put_device() si falla el dispositivo_register()\") agreg\u00f3 la asignaci\u00f3n tz = NULL en cuesti\u00f3n para evitar una posible doble liberaci\u00f3n despu\u00e9s de eliminar la referencia al dispositivo de zona. Sin embargo, despu\u00e9s de el commit 4649620d9404 (\"thermal: core: Make Thermal_zone_device_unregister() return despu\u00e9s de liberar la zona\"), esa asignaci\u00f3n se ha vuelto redundante, porque eliminar la referencia al dispositivo de zona ya no causa que el objeto de zona se libere m\u00e1s. Su\u00e9ltelo para abordar la desreferencia del puntero NULL."}], "lastModified": "2024-04-17T18:30:15.123", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "686183E6-D5C3-4A5B-9A18-8E3B4294EA6A", "versionEndExcluding": "6.6.14", "versionStartIncluding": "6.4.0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EA3778C-730B-464C-8023-18CA6AC0B807", "versionEndExcluding": "6.7.2", "versionStartIncluding": "6.7.0"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}