CVE-2023-52667: net/mlx5e: fix a potential double-free in fs_any_create_groups
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: fix a potential double-free in fs_any_create_groups
The Linux kernel CVE team has assigned CVE-2023-52667 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024051728-CVE-2023-52667-649b@gregkh/T
Other sources
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: fix a potential double-free in fs_any_create_groups
When kcalloc() for ft->g succeeds but kvzalloc() for in fails, fs_any_create_groups() will free ft->g. However, its caller fs_any_create_table() will free ft->g again through calling mlx5e_destroy_flow_table(), which will lead to a double-free. Fix this by setting ft->g to NULL in fs_any_create_groups().
— NVD
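The error path described above, as an added user-space model (not the kernel's code and not part of the advisory). The struct, the helper names and the counting stand-in for kfree() are simplified assumptions; the model only shows why clearing ft->g after the first free makes the caller's cleanup harmless.

```c
#include <stdio.h>

/* User-space model of the error path; all names are simplified stand-ins. */
struct flow_table { void **g; };

static void *slot[4];      /* backing store for the modelled ft->g array */
static int slot_live;      /* 1 while the allocation is outstanding */
static int double_frees;   /* frees of an already-freed allocation */

static void **model_kcalloc(void) { slot_live = 1; return slot; }

/* Stand-in for kfree(): NULL is a no-op, a repeat free is counted. */
static void model_kfree(void **p)
{
    if (!p) return;
    if (!slot_live) { double_frees++; return; }
    slot_live = 0;
}

/* Models fs_any_create_groups() when the second allocation ("in") fails. */
static int create_groups(struct flow_table *ft, int patched)
{
    ft->g = model_kcalloc();
    /* kvzalloc() for "in" is assumed to fail at this point */
    model_kfree(ft->g);
    if (patched)
        ft->g = NULL;      /* the fix: leave no dangling pointer behind */
    return -1;             /* stands in for -ENOMEM */
}

/* Models mlx5e_destroy_flow_table(), which frees ft->g on teardown. */
static void destroy_flow_table(struct flow_table *ft)
{
    model_kfree(ft->g);
    ft->g = NULL;
}

/* Models fs_any_create_table(): on error it tears the table down. */
static int create_table_double_frees(int patched)
{
    struct flow_table ft = { NULL };
    double_frees = 0;
    if (create_groups(&ft, patched))
        destroy_flow_table(&ft);
    return double_frees;
}

int main(void)
{
    printf("unpatched: %d double free(s)\n", create_table_double_frees(0));
    printf("patched:   %d double free(s)\n", create_table_double_frees(1));
    return 0;
}
```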
Frequently Asked Questions
What is the severity of CVE-2023-52667?
CVE-2023-52667 has a medium severity rating because it is a potential double-free vulnerability in the Linux kernel.
How do I fix CVE-2023-52667?
To fix CVE-2023-52667, upgrade to the recommended kernel versions provided by your Linux distribution.
Which versions of the Linux kernel are affected by CVE-2023-52667?
CVE-2023-52667 affects specific versions, including those up to 5.15.149 and those between 5.16 and 6.1.76, along with several others.
How can I check if my Linux kernel is vulnerable to CVE-2023-52667?
You can check the current version of your Linux kernel to see if it falls within the vulnerable ranges specified for CVE-2023-52667.
Is CVE-2023-52667 specifically linked to any Linux distributions?
Yes, CVE-2023-52667 specifically affects kernel versions in Red Hat and Debian distributions among others.