CVE-2023-52688

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix the error handler of rfkill config When the core rfkill config throws error, it should free the allocated resources. Currently it is not freeing the core pdev create resources. Avoid this issue by calling the core pdev destroy in the error handler of core rfkill config. Found this issue in the code review and it is compile tested only.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/898d8b3e1414cd900492ee6a0b582f8095ba4a1a	Patch
https://git.kernel.org/stable/c/b4e593a7a22fa3c7d0550ef51c90b5c21f790aa8	Patch
https://git.kernel.org/stable/c/898d8b3e1414cd900492ee6a0b582f8095ba4a1a	Patch
https://git.kernel.org/stable/c/b4e593a7a22fa3c7d0550ef51c90b5c21f790aa8	Patch

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

19 Sep 2025, 18:46

Type	Values Removed	Values Added
First Time		Linux Linux linux Kernel
CWE		CWE-415
References	~~() https://git.kernel.org/stable/c/898d8b3e1414cd900492ee6a0b582f8095ba4a1a -~~	() https://git.kernel.org/stable/c/898d8b3e1414cd900492ee6a0b582f8095ba4a1a - Patch
References	~~() https://git.kernel.org/stable/c/b4e593a7a22fa3c7d0550ef51c90b5c21f790aa8 -~~	() https://git.kernel.org/stable/c/b4e593a7a22fa3c7d0550ef51c90b5c21f790aa8 - Patch
CPE		cpe:2.3:o:linux:linux_kernel::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8

Information

Published : 2024-05-17 15:15

Updated : 2025-09-19 18:46

NVD link : CVE-2023-52688

Mitre link : CVE-2023-52688

CVE.ORG link : CVE-2023-52688

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-415

Double Free

{"id": "CVE-2023-52688", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-05-17T15:15:19.883", "references": [{"url": "https://git.kernel.org/stable/c/898d8b3e1414cd900492ee6a0b582f8095ba4a1a", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b4e593a7a22fa3c7d0550ef51c90b5c21f790aa8", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/898d8b3e1414cd900492ee6a0b582f8095ba4a1a", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/b4e593a7a22fa3c7d0550ef51c90b5c21f790aa8", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-415"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix the error handler of rfkill config\n\nWhen the core rfkill config throws error, it should free the\nallocated resources. Currently it is not freeing the core pdev\ncreate resources. Avoid this issue by calling the core pdev\ndestroy in the error handler of core rfkill config.\n\nFound this issue in the code review and it is compile tested only."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: ath12k: corrige el controlador de errores de la configuraci\u00f3n de rfkill Cuando la configuraci\u00f3n principal de rfkill arroja un error, deber\u00eda liberar los recursos asignados. Actualmente no est\u00e1 liberando recursos de creaci\u00f3n de pdev centrales. Evite este problema llamando a core pdev destroy en el controlador de errores de la configuraci\u00f3n core rfkill. Se encontr\u00f3 este problema en la revisi\u00f3n del c\u00f3digo y solo se prob\u00f3 en compilaci\u00f3n."}], "lastModified": "2025-09-19T18:46:21.580", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7229C448-E0C9-488B-8939-36BA5254065E", "versionEndExcluding": "6.7.2", "versionStartIncluding": "6.7"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}