CVE-2023-52679: 
Linux Kernel vulnerability analysis and mitigation

CVE-2023-52679 is a double free vulnerability discovered in the Linux kernel's ofparsephandlewithargs_map function. The vulnerability was disclosed on May 17, 2024, affecting Linux kernel versions from 4.17 through 6.x. The issue occurs in the function's inner loop that iterates through map entries, where it incorrectly assumes the value of 'new' is NULL on the first iteration of the inner loop (NVD).

The vulnerability exists in the ofparsephandlewithargsmap() function where the inner loop that iterates through map entries calls ofnode_put(new) to free a reference acquired by the previous iteration. The function incorrectly assumes that the value of 'new' is NULL on the first iteration of the inner loop. The issue has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability could potentially lead to a double free condition in the Linux kernel, which could result in memory corruption, system crashes, or potential privilege escalation. The high CVSS score indicates significant potential impact on system confidentiality, integrity, and availability (NVD).

The vulnerability has been fixed by setting 'new' to NULL after its value is assigned to 'cur' in all iterations of the outer loop. The fix has been implemented in various Linux kernel versions, and patches have been released for affected distributions. Debian has addressed this in version 5.10.209-2~deb10u1 for Debian 10 and version 4.19.316-1 (Debian LTS, Debian LTS).