CVE-2023-52871: soc: qcom: llcc: Handle a second device without data corruption

Description

In the Linux kernel, the following vulnerability has been resolved:

soc: qcom: llcc: Handle a second device without data corruption

Usually there is only one llcc device. But if there were a second, even
a failed probe call would modify the global drv_data pointer. So check
if drv_data is valid before overwriting it.

Classification

CVE ID: CVE-2023-52871

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 12.38% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://git.kernel.org/stable/c/cc1a1dcb411fe224f48553cfdcdfe6e61395b69c
https://git.kernel.org/stable/c/5e5b85ea0f4bc484bfe4cc73ead51fa48d2366a0
https://git.kernel.org/stable/c/995ee1e84e8db7fa5dcdde7dfe0bd7bb6f9bbb8c
https://git.kernel.org/stable/c/f0ef883cae309bc5e8cdfcdbc1b4822732ce20a8
https://git.kernel.org/stable/c/3565684309e54fa998ea27f37028d67cc3e1dff2
https://git.kernel.org/stable/c/1143bfb9b055897975aeaea254da148e19524493
https://git.kernel.org/stable/c/f1a1bc8775b26345aba2be278118999e7f661d3d

Timeline

2024-12-20 00:32:33 UTC
CVE

soc: qcom: llcc: Handle a second device without data corruption