CVE-2023-52688

HIGH

Linux kernel 6.7-6.7.2 - Use-After-Free in ath12k WiFi Driver

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix the error handler of rfkill config When the core rfkill config throws error, it should free the allocated resources. Currently it is not freeing the core pdev create resources. Avoid this issue by calling the core pdev destroy in the error handler of core rfkill config. Found this issue in the code review and it is compile tested only.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/b4e593a7a22fa3c7d0550ef51c90b5c21f790aa8

Patch

https://git.kernel.org/stable/c/898d8b3e1414cd900492ee6a0b582f8095ba4a1a

Scores

CVSS v3 7.8

EPSS 0.0023

EPSS Percentile 13.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-415

Status published

Products (7)

Linux/Linux < 6.7

Linux/Linux 004ccbc0dd49c63576a4c60a663a38dd3cb6bee5 - 898d8b3e1414cd900492ee6a0b582f8095ba4a1a

Linux/Linux 004ccbc0dd49c63576a4c60a663a38dd3cb6bee5 - b4e593a7a22fa3c7d0550ef51c90b5c21f790aa8

Linux/Linux 6.7

Linux/Linux 6.7.2 - 6.7.*

Linux/Linux 6.8

linux/linux_kernel 6.7 - 6.7.2

Published May 17, 2024

Tracked Since Feb 18, 2026