CVE-2023-53544 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: cpufreq: davinci: Fix clk use after free The remove function first frees the clks and only then calls cpufreq_unregister_driver(). If one of the cpufreq callbacks is called just before cpufreq_unregister_driver() is run, the freed clks might be used.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/5d8f384a9b4fc50f6a18405f1c08e5a87a77b5b3
https://git.kernel.org/stable/c/66b3bbe6fbd8dd410868e5b53ac3944a934b9310
https://git.kernel.org/stable/c/a5f024d0e6f91e05c816ad4ee8837173369dd5cb
https://git.kernel.org/stable/c/ab05ae4ab831f64bbc427592c86f599ed9c4324f
https://lore.kernel.org/linux-cve-announce/2025100445-CVE-2023-53544-f48f@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2023-53544
https://www.cve.org/CVERecord?id=CVE-2023-53544

History

Mon, 06 Oct 2025 22:45:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025100445-CVE-2023-53544-f48f@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2023-53544 https://www.cve.org/CVERecord?id=CVE-2023-53544
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Moderate`

Mon, 06 Oct 2025 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Vendors & Products		Linux Linux linux Kernel

Sat, 04 Oct 2025 15:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: cpufreq: davinci: Fix clk use after free The remove function first frees the clks and only then calls cpufreq_unregister_driver(). If one of the cpufreq callbacks is called just before cpufreq_unregister_driver() is run, the freed clks might be used.
Title		cpufreq: davinci: Fix clk use after free
References		https://git.kernel.org/stable/c/5d8f384a9b4fc50f6a18405f1c08e5a87a77b5b3 https://git.kernel.org/stable/c/66b3bbe6fbd8dd410868e5b53ac3944a934b9310 https://git.kernel.org/stable/c/a5f024d0e6f91e05c816ad4ee8837173369dd5cb https://git.kernel.org/stable/c/ab05ae4ab831f64bbc427592c86f599ed9c4324f

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-10-04T15:16:52.791Z

Updated: 2025-10-04T15:16:52.791Z

Reserved: 2025-10-04T15:14:15.920Z

Link: CVE-2023-53544

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-10-04T16:15:49.527

Modified: 2025-10-06T14:56:21.733

Link: CVE-2023-53544

Redhat

Severity : Moderate

Publid Date: 2025-10-04T00:00:00Z

Links: CVE-2023-53544 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object