CVE-2023-52679

High

In the Linux kernel, the following vulnerability has been resolved:

of: Fix double free in of_parse_phandle_with_args_map

In of_parse_phandle_with_args_map() the inner loop that iterates through the map entries calls of_node_put(new) to free the reference acquired by the previous iteration of the inner loop. This assumes that the value of "new" is NULL on the first iteration of the inner loop. Make sure that this is true in all iterations of the outer loop by setting "new" to NULL after its value is assigned to "cur".

Extend the unittest to detect the double free and add an additional test case that actually triggers this path.
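The reference-count pattern described above, reduced to a user-space model. This is an added example, not the kernel's code: `struct node`, `node_get`, `node_put` and `walk` are hypothetical stand-ins, the inner loop is flattened to one map entry per level, and a put without a remaining reference is counted rather than freed.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy stand-in for a refcounted device node (constructed for this example). */
struct node { int refs; int bad_puts; };

static struct node *node_get(struct node *n) { n->refs++; return n; }

/* Like of_node_put(): NULL is a no-op. A put with no reference left is
 * counted instead of freeing, so the double put is observable and safe. */
static void node_put(struct node *n)
{
	if (!n)
		return;
	if (n->refs == 0)
		n->bad_puts++;
	else
		n->refs--;
}

/* Two-level walk: level 0 maps to node a, level 1 has one entry (node b)
 * that does not match. reset_new selects the fix. Returns the bad puts. */
static int walk(int reset_new)
{
	struct node start = {0, 0}, a = {0, 0}, b = {0, 0};
	struct node *entry[2] = { &a, &b };
	int matches[2] = { 1, 0 };
	struct node *cur = node_get(&start), *new = NULL;
	for (int level = 0; level < 2; level++) {
		node_put(new);          /* drop ref from previous inner iteration */
		new = node_get(entry[level]);
		if (!matches[level])
			break;              /* no match: leave through cleanup */
		node_put(cur);
		cur = new;              /* the reference moves from new to cur */
		if (reset_new)
			new = NULL;         /* the fix: cur is now the only owner */
	}
	node_put(cur);              /* cleanup path */
	node_put(new);
	return start.bad_puts + a.bad_puts + b.bad_puts;
}

int main(void)
{
	printf("without reset: %d bad put(s)\n", walk(0));
	printf("with reset:    %d bad put(s)\n", walk(1));
	return 0;
}
```

Without the reset, the second level's first `node_put(new)` drops the reference that `cur` still relies on, and the cleanup `node_put(cur)` then releases it a second time.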

Package: Linux Kernel
Published: 2024-05-17
Last modified: 2025-01-10
CVSS version: 3.1
Patch available: Awaiting data

CVSS 3.1 score

7.8 out of 10 (High)

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness type

CWE-415

CVE-2023-52679 is classified as CWE-415

See CWE-415 on MITRE CWE for full details on this weakness type.

References

The following references provide additional information about CVE-2023-52679 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Frequently asked questions

  • What is CVE-2023-52679?

    CVE-2023-52679 is a High severity Linux kernel vulnerability with a CVSS score of 7.8 out of 10. CVE-2023-52679 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

  • What is the CVSS score for CVE-2023-52679?

    CVE-2023-52679 has a CVSS score of 7.8 out of 10, rated High severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

  • Is there a patch available for CVE-2023-52679?

    No patch is currently available for CVE-2023-52679. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

  • Is CVE-2023-52679 actively exploited?

    No — CVE-2023-52679 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.