CVE-2023-52679

Name	CVE-2023-52679
Description	In the Linux kernel, the following vulnerability has been resolved: of: Fix double free in of_parse_phandle_with_args_map In of_parse_phandle_with_args_map() the inner loop that iterates through the map entries calls of_node_put(new) to free the reference acquired by the previous iteration of the inner loop. This assumes that the value of "new" is NULL on the first iteration of the inner loop. Make sure that this is true in all iterations of the outer loop by setting "new" to NULL after its value is assigned to "cur". Extend the unittest to detect the double free and add an additional test case that actually triggers this path.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-3840-1, DLA-3841-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
linux (PTS)	bullseye (security), bullseye	5.10.218-1	fixed
	bookworm	6.1.94-1	fixed
	bookworm (security)	6.1.90-1	fixed
	trixie	6.8.12-1	fixed
	sid	6.9.7-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin
linux	source	buster	4.19.316-1	DLA-3840-1
linux	source	bullseye	5.10.209-1
linux	source	bookworm	6.1.76-1
linux	source	(unstable)	6.6.15-1
linux-5.10	unknown	buster	5.10.209-2~deb10u1	DLA-3841-1

https://git.kernel.org/linus/4dde83569832f9377362e50f7748463340c5db6b (6.8-rc1)