CVE-2023-52571

HIGH

Linux Kernel - Use-After-Free in rk817 Power Supply Driver

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: power: supply: rk817: Fix node refcount leak Dan Carpenter reports that the Smatch static checker warning has found that there is another refcount leak in the probe function. While of_node_put() was added in one of the return paths, it should in fact be added for ALL return paths that return an error and at driver removal time.

References (3)

Core 3

Core References

Patch

https://git.kernel.org/stable/c/fe6406238d5a24e9fb0286c71edd67b99d8db58d

Patch

https://git.kernel.org/stable/c/70326b46b6a043f7e7404b2ff678b033c06d6577

Patch

https://git.kernel.org/stable/c/488ef44c068e79752dba8eda0b75f524f111a695

Scores

CVSS v3 7.1

EPSS 0.0023

EPSS Percentile 13.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-401

Status published

Products (11)

Linux/Linux < 6.2

Linux/Linux 54c03bfd094fb74f9533a9c28250219afe182382 - 488ef44c068e79752dba8eda0b75f524f111a695

Linux/Linux 54c03bfd094fb74f9533a9c28250219afe182382 - 70326b46b6a043f7e7404b2ff678b033c06d6577

Linux/Linux 6.1.2 - 6.1.56

Linux/Linux 6.1.56 - 6.1.*

Linux/Linux 6.2

Linux/Linux 6.5.6 - 6.5.*

Linux/Linux 6.6

Linux/Linux 7d1e3961725e69774871b081a065c2b3640c5f0e - fe6406238d5a24e9fb0286c71edd67b99d8db58d

linux/linux_kernel 6.6 rc1 (3 CPE variants)

... and 1 more

Published Mar 02, 2024

Tracked Since Feb 18, 2026