CVE-2023-52859

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-52859
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52859.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-52859
Downstream
Related
Published
2024-05-21T15:31:52.546Z
Modified
2025-11-28T02:34:39.504621Z
Summary
perf: hisi: Fix use-after-free when register pmu fails
Details

In the Linux kernel, the following vulnerability has been resolved:

perf: hisi: Fix use-after-free when register pmu fails

When we fail to register the uncore pmu, the pmu context may not been allocated. The error handing will call cpuhpstateremove_instance() to call uncore pmu offline callback, which migrate the pmu context. Since that's liable to lead to some kind of use-after-free.

Use cpuhpstateremoveinstancenocalls() instead of cpuhpstateremove_instance() so that the notifiers don't execute after the PMU device has been failed to register.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52859.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
3bf30882c3c7b6e376d9d6d04082c9aa2d2ac30a
Fixed
0e1e88bba286621b886218363de07b319d6208b2
Fixed
b660420f449d094b1fabfa504889810b3a63cdd5
Fixed
3405f364f82d4f5407a8b4c519dc15d24b847fda
Fixed
75bab28ffd05ec8879c197890b1bd1dfec8d3f63
Fixed
b805cafc604bfdb671fae7347a57f51154afa735

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.13.0
Fixed
5.15.139
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.63
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.5.12
Type
ECOSYSTEM
Events
Introduced
6.6.0
Fixed
6.6.2