CVE-2023-52684

MEDIUM

Linux Kernel 6.7-6.7.2 - Use-After-Free in qseecom Error Paths

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: qseecom: fix memory leaks in error paths Fix instances of returning error codes directly instead of jumping to the relevant labels where memory allocated for the SCM calls would be freed.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/85fdbf6840455be64eac16bdfe0df3368ee3d0f0

Patch

https://git.kernel.org/stable/c/6c57d7b593c4a4e60db65d5ce0fe1d9f79ccbe9b

Scores

CVSS v3 5.5

EPSS 0.0020

EPSS Percentile 10.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-401

Status published

Products (7)

Linux/Linux < 6.7

Linux/Linux 6.7

Linux/Linux 6.7.2 - 6.7.*

Linux/Linux 6.8

Linux/Linux 759e7a2b62eb3ef3c93ffeb5cca788a09627d7d9 - 6c57d7b593c4a4e60db65d5ce0fe1d9f79ccbe9b

Linux/Linux 759e7a2b62eb3ef3c93ffeb5cca788a09627d7d9 - 85fdbf6840455be64eac16bdfe0df3368ee3d0f0

linux/linux_kernel 6.7 - 6.7.2

Published May 17, 2024

Tracked Since Feb 18, 2026