What is the severity of CVE-2023-52765?

The severity of CVE-2023-52765 is classified as medium due to potential security and operational impacts.

How do I fix CVE-2023-52765?

To fix CVE-2023-52765, update your Linux kernel to the latest version that includes the patch addressing this vulnerability.

Which versions of the Linux kernel are affected by CVE-2023-52765?

CVE-2023-52765 affects Linux kernel versions between 6.0 and 6.1.64, as well as 6.2 to 6.5.13, and 6.6 to 6.6.3.

What component of the Linux kernel is impacted by CVE-2023-52765?

CVE-2023-52765 specifically impacts the Qualcomm SPMI PMIC revid implementation within the Linux kernel.

Are there any known exploits for CVE-2023-52765?

As of now, there are no publicly known exploits for CVE-2023-52765, but it is recommended to apply the patch promptly.

Vulnerability/
CVE-2023-52765

medium

6.2

CWE

476

21/5/2024

2/4/2025

CVE-2023-52765: mfd: qcom-spmi-pmic: Fix revid implementation

First published: Tue May 21 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: mfd: qcom-spmi-pmic: Fix revid implementation The Qualcomm SPMI PMIC revid implementation is broken in multiple ways. First, it assumes that just because the sibling base device has been registered that means that it is also bound to a driver, which may not be the case (e.g. due to probe deferral or asynchronous probe). This could trigger a NULL-pointer dereference when attempting to access the driver data of the unbound device. Second, it accesses driver data of a sibling device directly and without any locking, which means that the driver data may be freed while it is being accessed (e.g. on driver unbind). Third, it leaks a struct device reference to the sibling device which is looked up using the spmi_device_from_of() every time a function (child) device is calling the revid function (e.g. on probe). Fix this mess by reimplementing the revid lookup so that it is done only at probe of the PMIC device; the base device fetches the revid info from the hardware, while any secondary SPMI device fetches the information from the base device and caches it so that it can be accessed safely from its children. If the base device has not been probed yet then probe of a secondary device is deferred.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
Linux Kernel
Linux Kernel	>=6.0<6.1.64
Linux Kernel	>=6.2<6.5.13
Linux Kernel	>=6.6<6.6.3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-52765?
The severity of CVE-2023-52765 is classified as medium due to potential security and operational impacts.
How do I fix CVE-2023-52765?
To fix CVE-2023-52765, update your Linux kernel to the latest version that includes the patch addressing this vulnerability.
Which versions of the Linux kernel are affected by CVE-2023-52765?
CVE-2023-52765 affects Linux kernel versions between 6.0 and 6.1.64, as well as 6.2 to 6.5.13, and 6.6 to 6.6.3.
What component of the Linux kernel is impacted by CVE-2023-52765?
CVE-2023-52765 specifically impacts the Qualcomm SPMI PMIC revid implementation within the Linux kernel.
Are there any known exploits for CVE-2023-52765?
As of now, there are no publicly known exploits for CVE-2023-52765, but it is recommended to apply the patch promptly.

agent/title
agent/references
agent/description
agent/first-publish-date
agent/type
agent/author
agent/severity
agent/weakness
agent/event
collector/mitre-cve
source/MITRE
agent/source
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
agent/remedy
agent/last-modified-date
agent/softwarecombine
agent/tags
vendor/linux
canonical/linux kernel
version/linux kernel/6.0
version/linux kernel/6.2
version/linux kernel/6.6

Frequently Asked Questions

What is the severity of CVE-2023-52765?
The severity of CVE-2023-52765 is classified as medium due to potential security and operational impacts.
How do I fix CVE-2023-52765?
To fix CVE-2023-52765, update your Linux kernel to the latest version that includes the patch addressing this vulnerability.
Which versions of the Linux kernel are affected by CVE-2023-52765?
CVE-2023-52765 affects Linux kernel versions between 6.0 and 6.1.64, as well as 6.2 to 6.5.13, and 6.6 to 6.6.3.
What component of the Linux kernel is impacted by CVE-2023-52765?
CVE-2023-52765 specifically impacts the Qualcomm SPMI PMIC revid implementation within the Linux kernel.
Are there any known exploits for CVE-2023-52765?
As of now, there are no publicly known exploits for CVE-2023-52765, but it is recommended to apply the patch promptly.

CVE-2023-52765: mfd: qcom-spmi-pmic: Fix revid implementation

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-52765?

How do I fix CVE-2023-52765?

Which versions of the Linux kernel are affected by CVE-2023-52765?

What component of the Linux kernel is impacted by CVE-2023-52765?

Are there any known exploits for CVE-2023-52765?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2023-52765?

How do I fix CVE-2023-52765?

Which versions of the Linux kernel are affected by CVE-2023-52765?

What component of the Linux kernel is impacted by CVE-2023-52765?

Are there any known exploits for CVE-2023-52765?