CVE-2023-52688

HIGH

Linux Kernel < 6.7.2 - Double Free

Title source: rule

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix the error handler of rfkill config When the core rfkill config throws error, it should free the allocated resources. Currently it is not freeing the core pdev create resources. Avoid this issue by calling the core pdev destroy in the error handler of core rfkill config. Found this issue in the code review and it is compile tested only.

References (2)

[Patch] https://git.kernel.org/stable/c/898d8b3e1414cd900492ee6a0b582f8095ba4a1a

[Patch] https://git.kernel.org/stable/c/b4e593a7a22fa3c7d0550ef51c90b5c21f790aa8

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 2.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-415

Status published

Affected Products (1)

linux/linux_kernel < 6.7.2

Timeline

Published May 17, 2024

Tracked Since Feb 18, 2026