CVE-2023-53636 in Linuxinformación

Resumen

por MITRE • 2025-10-07

In the Linux kernel, the following vulnerability has been resolved:

clk: microchip: fix potential UAF in auxdev release callback

Similar to commit 1c11289b34ab ("peci: cpu: Fix use-after-free in adev_release()"), the auxiliary device is not torn down in the correct order. If auxiliary_device_add() fails, the release callback will be called twice, resulting in a UAF. Due to timing, the auxdev code in this driver "took inspiration" from the aforementioned commit, and thus its bugs too!

Moving auxiliary_device_uninit() to the unregister callback instead avoids the issue.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Responsable

Linux

Reservar

2025-10-07

Divulgación

2025-10-07

Moderación

aceptado

Artículo

VDB-327475

CPE

listo

EPSS

0.00188

KEV

no

Actividades

muy bajo

Fuentes

Do you know our Splunk app?

Download it now for free!