CVE-2023-52468: 
Linux Kernel vulnerability analysis and mitigation

CVE-2023-52468 is a use-after-free vulnerability discovered in the Linux kernel's class_register() function. The vulnerability occurs when the lock_class_key remains registered and can be found in lock_keys_hash hlist after subsys_private is freed in the error handler path. This vulnerability affects Linux kernel versions from 6.4.0 up to (excluding) 6.6.14 and from 6.7.0 up to (excluding) 6.7.2. The issue was discovered and reported in December 2023 (Kernel Patch).

The vulnerability stems from a race condition where a task iterating over the lock_keys_hash later may cause use-after-free. The issue manifests when a driver fails to kset_register due to creating a duplicate filename '/class/xxx'. When KASAN is enabled, it reports an invalid-access bug in lockdep_register_key. The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability can lead to use-after-free conditions when lockdep is enabled, potentially resulting in system crashes or memory corruption. However, it's worth noting that this only occurs if lockdep is enabled, which is not typical for normal system operations (Kernel Patch).

The vulnerability has been patched by adding a lockdep_unregister_key(key) call before kfree(cp) in the error handler path. Users are advised to upgrade to Linux kernel versions 6.6.14 or 6.7.2 or later, which contain the fix. The patch fixes the issue by ensuring proper deregistration of the lock_class_key before freeing the associated memory (Kernel Patch).