VDB

CVE-2023-53636

CVE-2023-53636 PUBLISHED CVSS 7.800000190734863 HIGH

In the Linux kernel, the following vulnerability has been resolved: clk: microchip: fix potential UAF in auxdev release callback Similar to commit 1c11289b34ab ("peci: cpu: Fix use-after-free in adev_release()"), the auxiliary device is not torn down in the correct order. If auxiliary_device_add() fails, the release callback will be called twice, resulting in a UAF. Due to timing, the auxdev code in this driver "took inspiration" from the aforementioned commit, and thus its bugs too! Moving auxiliary_device_uninit() to the unregister callback instead avoids the issue.

EPSS 0.02% · 4.9th percentile

Risk Scores

CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.02%
4.9th percentile

Affected Products

VendorProductVersions
LinuxLinux6.4, 0, 6.1.28
linuxlinux_kernel6.1, 6.1, 6.1

Timeline

  • Jan 21, 1970 Security Advisory
  • Oct 7, 2025 Coalition ESS Score
  • Oct 7, 2025 CVE Published
  • Oct 8, 2025 EPSS Score
  • Oct 14, 2025 EPSS Score
  • Oct 21, 2025 EPSS Score
  • Oct 27, 2025 EPSS Score
  • Oct 31, 2025 Coalition ESS Score
  • Nov 2, 2025 EPSS Score
  • Nov 9, 2025 EPSS Score
  • Nov 10, 2025 Coalition ESS Score
  • Nov 15, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›