Linux Kernel Vulnerability in Mediatek MT8183 Power Management Coprocessor
CVE-2023-53274
What is CVE-2023-53274?
A vulnerability has been identified in the Mediatek MT8183 clock driver, caused by improper management of the SSPM-related clocks. These clocks had previously been removed because of perceived low usage, but their removal led to issues once the driver was converted to the new simple-probe mechanism. That mechanism relies on the set of clocks defined in the driver rather than on the highest index, which can result in out-of-bounds writes when there are gaps in the device tree binding or in the driver implementation. Such errors may cause memory corruption, impacting system stability or causing crashes that can remain unnoticed. Reinstating the SSPM-related clocks brings the driver back in line with the device tree binding, ensuring reliable power management functionality.
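The size mismatch described above, as an added C example (not code from the kernel or from this page): a table indexed by clock id needs highest id + 1 slots, so sizing it by the number of defined clocks fails as soon as one id is missing. The clock ids, names and function names are constructed for illustration, and the example assumes the table is sized by the count of defined clocks.

```c
#include <stddef.h>
#include <stdio.h>

struct clk_desc { unsigned int id; const char *name; };

/* Constructed sample data, not the real MT8183 clock list. The binding numbers
 * clocks 0..4; the first table omits id 2, standing in for a removed clock. */
static const struct clk_desc with_hole[] = {
	{ 0, "clk_a" }, { 1, "clk_b" }, { 3, "clk_d" }, { 4, "clk_e" },
};
static const struct clk_desc complete[] = {
	{ 0, "clk_a" }, { 1, "clk_b" }, { 2, "clk_c" }, { 3, "clk_d" }, { 4, "clk_e" },
};

/* Slots needed so table[id] is in bounds for every id: highest id + 1. */
static size_t slots_required(const struct clk_desc *d, size_t n)
{
	size_t need = 0;
	for (size_t i = 0; i < n; i++)
		if ((size_t)d[i].id + 1 > need)
			need = (size_t)d[i].id + 1;
	return need;
}

/* Store each clock at table[id], refusing ids outside the table. Returns the
 * number refused: the writes that would be out of bounds without the check. */
static size_t register_checked(const char **table, size_t slots,
			       const struct clk_desc *d, size_t n)
{
	size_t refused = 0;
	for (size_t i = 0; i < n; i++) {
		if (d[i].id >= slots)
			refused++;
		else
			table[d[i].id] = d[i].name;
	}
	return refused;
}

int main(void)
{
	const char *table[8] = { 0 };
	size_t n = sizeof(with_hole) / sizeof(with_hole[0]);
	size_t m = sizeof(complete) / sizeof(complete[0]);
	printf("hole, sized by count %zu: %zu refused\n", n, register_checked(table, n, with_hole, n));
	printf("hole, sized by highest id: %zu slots needed\n", slots_required(with_hole, n));
	printf("complete, sized by count %zu: %zu refused\n", m, register_checked(table, m, complete, m));
	return 0;
}
```

With the hole present, four defined clocks give a four-slot table while id 4 needs a fifth slot; with the full range defined, the count and the highest index agree.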
Affected Version(s)
Linux 3f37ba7cc385ba07762ffcd7ac38af8c0f84dd3e < 45d69917a4af6c869193f95932dc6d6f15d5ef86
Linux 3f37ba7cc385ba07762ffcd7ac38af8c0f84dd3e < 1eb8d61ac5c9c7ec56bb96d433532807509b9288
Linux 6.4