Description

In the Linux kernel, the following vulnerability has been resolved: clk: microchip: fix potential UAF in auxdev release callback Similar to commit 1c11289b34ab ("peci: cpu: Fix use-after-free in adev_release()"), the auxiliary device is not torn down in the correct order. If auxiliary_device_add() fails, the release callback will be called twice, resulting in a UAF. Due to timing, the auxdev code in this driver "took inspiration" from the aforementioned commit, and thus its bugs too! Moving auxiliary_device_uninit() to the unregister callback instead avoids the issue.

INFO

Published Date :

2025-10-07T15:19:37.655Z

Last Modified :

2025-10-07T15:19:37.655Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2023-53636 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2023-53636.

URL Resource
https://git.kernel.org/stable/c/5b4052aa956e11bcd19e50ca559eb38dcb46201b cve-icon cve-icon
https://git.kernel.org/stable/c/7455b7007b9e93bcc2bc9c1c6c73a228e3152069 cve-icon cve-icon
https://git.kernel.org/stable/c/934406b2d42eaf3fc57f5546cc68ff7ab9680bb3 cve-icon cve-icon
https://git.kernel.org/stable/c/d7d6dacf39ed102d7667721ca1700022c9c8b11a cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025100714-CVE-2023-53636-20bd@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-53636 cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-53636 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact