Description

In the Linux kernel, the following vulnerability has been resolved: perf: hisi: Fix use-after-free when register pmu fails When we fail to register the uncore pmu, the pmu context may not been allocated. The error handing will call cpuhp_state_remove_instance() to call uncore pmu offline callback, which migrate the pmu context. Since that's liable to lead to some kind of use-after-free. Use cpuhp_state_remove_instance_nocalls() instead of cpuhp_state_remove_instance() so that the notifiers don't execute after the PMU device has been failed to register.

INFO

Published Date :

2024-05-21T15:31:52.546Z

Last Modified :

2025-05-04T07:44:27.898Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2023-52859 vulnerability.

Vendors Products
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2023-52859.

URL Resource
https://git.kernel.org/stable/c/0e1e88bba286621b886218363de07b319d6208b2 cve-icon cve-icon
https://git.kernel.org/stable/c/3405f364f82d4f5407a8b4c519dc15d24b847fda cve-icon cve-icon
https://git.kernel.org/stable/c/75bab28ffd05ec8879c197890b1bd1dfec8d3f63 cve-icon cve-icon
https://git.kernel.org/stable/c/b660420f449d094b1fabfa504889810b3a63cdd5 cve-icon cve-icon
https://git.kernel.org/stable/c/b805cafc604bfdb671fae7347a57f51154afa735 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024052117-CVE-2023-52859-ad0e@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-52859 cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-52859 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact