Unrated severityNVD Advisory· Published May 17, 2024· Updated May 4, 2025

of: Fix double free in of_parse_phandle_with_args_map

CVE-2023-52679

Description

In the Linux kernel, the following vulnerability has been resolved:

In of_parse_phandle_with_args_map() the inner loop that iterates through the map entries calls of_node_put(new) to free the reference acquired by the previous iteration of the inner loop. This assumes that the value of "new" is NULL on the first iteration of the inner loop.

Make sure that this is true in all iterations of the outer loop by setting "new" to NULL after its value is assigned to "cur".

Extend the unittest to detect the double free and add an additional test case that actually triggers this path.

Affected products

112

osv-coords111 versions
pkg:deb/ubuntu/linux-aws@6.5.0-1021.21?arch=source&distro=mantic pkg:deb/ubuntu/linux-laptop@6.5.0-1017.20?arch=source&distro=mantic pkg:deb/ubuntu/linux-oracle@6.5.0-1024.24?arch=source&distro=mantic pkg:rpm/almalinux/kernel-rt pkg:rpm/almalinux/kernel-rt-core pkg:rpm/almalinux/kernel-rt-debug pkg:rpm/almalinux/kernel-rt-debug-core pkg:rpm/almalinux/kernel-rt-debug-devel pkg:rpm/almalinux/kernel-rt-debug-kvm pkg:rpm/almalinux/kernel-rt-debug-modules pkg:rpm/almalinux/kernel-rt-debug-modules-extra pkg:rpm/almalinux/kernel-rt-devel pkg:rpm/almalinux/kernel-rt-kvm pkg:rpm/almalinux/kernel-rt-modules pkg:rpm/almalinux/kernel-rt-modules-extra pkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-64kb&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-64kb&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-debug&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-debug&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-rt_debug&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-rt_debug&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-source-rt&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-source-rt&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-syms-rt&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-syms-rt&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-zfcpdump&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-zfcpdump&distro=openSUSE%20Leap%2015.6 pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5 pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-livepatch-MICRO-6-0-RT_Update_5&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-livepatch-MICRO-6-0-RT_Update_5&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-livepatch-SLE15-SP5-RT_Update_16&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5 pkg:rpm/suse/kernel-livepatch-SLE15-SP5_Update_15&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5 pkg:rpm/suse/kernel-livepatch-SLE15-SP6-RT_Update_1&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6 pkg:rpm/suse/kernel-livepatch-SLE15-SP6_Update_1&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP5 pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5 pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5 pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5 pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5 pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6
< 6.5.0-1021.21+ 110 more
- (no CPE)range: < 6.5.0-1021.21
- (no CPE)range: < 6.5.0-1017.20
- (no CPE)range: < 6.5.0-1024.24
- (no CPE)range: < 4.18.0-553.16.1.rt7.357.el8_10
- (no CPE)range: < 4.18.0-553.16.1.rt7.357.el8_10
- (no CPE)range: < 4.18.0-553.16.1.rt7.357.el8_10
- (no CPE)range: < 4.18.0-553.16.1.rt7.357.el8_10
- (no CPE)range: < 4.18.0-553.16.1.rt7.357.el8_10
- (no CPE)range: < 4.18.0-553.16.1.rt7.357.el8_10
- (no CPE)range: < 4.18.0-553.16.1.rt7.357.el8_10
- (no CPE)range: < 4.18.0-553.16.1.rt7.357.el8_10
- (no CPE)range: < 4.18.0-553.16.1.rt7.357.el8_10
- (no CPE)range: < 4.18.0-553.16.1.rt7.357.el8_10
- (no CPE)range: < 4.18.0-553.16.1.rt7.357.el8_10
- (no CPE)range: < 4.18.0-553.16.1.rt7.357.el8_10
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.3
- (no CPE)range: < 5.14.21-150500.33.57.1
- (no CPE)range: < 6.4.0-150600.8.5.4
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.3
- (no CPE)range: < 5.14.21-150500.55.68.1.150500.6.31.1
- (no CPE)range: < 6.4.0-150600.23.7.3.150600.12.2.7
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.3
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.4
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.3
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.3
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.1
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 5.14.21-150500.33.57.1
- (no CPE)range: < 6.4.0-150600.8.5.4
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.2
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 5.14.21-150500.33.57.1
- (no CPE)range: < 6.4.0-150600.8.5.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.1
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.3
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.3
- (no CPE)range: < 5.14.21-150500.33.57.1
- (no CPE)range: < 6.4.0-150600.8.5.4
- (no CPE)range: < 5.14.21-150500.55.68.1.150500.6.31.1
- (no CPE)range: < 5.14.21-150500.55.68.1.150500.6.31.1
- (no CPE)range: < 6.4.0-150600.23.7.3.150600.12.2.7
- (no CPE)range: < 6.4.0-17.1.1.51
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.3
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.3
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.3
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.3
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.3
- (no CPE)range: < 6.4.0-18.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.4
- (no CPE)range: < 6.4.0-18.1
- (no CPE)range: < 1-1.1
- (no CPE)range: < 1-1.1
- (no CPE)range: < 1-150500.11.3.1
- (no CPE)range: < 1-150500.11.3.1
- (no CPE)range: < 1-150600.1.5.1
- (no CPE)range: < 1-150600.13.3.7
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.3
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 6.4.0-9.1
- (no CPE)range: < 6.4.0-25.1
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 5.14.21-150500.33.57.1
- (no CPE)range: < 6.4.0-150600.8.5.4
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.2
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.2
- (no CPE)range: < 6.4.0-18.1
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 6.4.0-9.1
- (no CPE)range: < 6.4.0-25.1
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 5.14.21-150500.33.57.1
- (no CPE)range: < 6.4.0-150600.8.5.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.1
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.3
Linux/Linuxcpe-rescue
Range: 4.17

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000