CVE-2023-52929
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
nvmem: core: fix cleanup after dev_set_name()
If dev_set_name() fails, we leak nvmem->wp_gpio as the cleanup does not put this. While a minimal fix for this would be to add the gpiod_put() call, we can do better if we split device_register(), and use the tested nvmem_release() cleanup code by initialising the device early, and putting the device.
This results in a slightly larger fix, but results in clear code.
Note: this patch depends on "nvmem: core: initialise nvmem->id early" and "nvmem: core: remove nvmem_config wp_gpio".
[Srini: Fixed subject line and error code handing with wp_gpio while applying.]
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | a19a0f67dbb89ad2bfc466f2003841acba645884 < 23676ecd2eb377f7c24a6ff578b0f4c7135658b6 | affected |
| Linux | Linux | 14eea6449473c1f55e196cc104ba16d144465869 < 8f9c4b2a3b132bf6698e477aba6ee194b40c75f4 | affected |
| Linux | Linux | 5544e90c81261e82e02bbf7c6015a4b9c8c825ef < 39708bc8da7858de0bed9b3a88b3beb1d1e0b443 | affected |
| Linux | Linux | 5544e90c81261e82e02bbf7c6015a4b9c8c825ef < 560181d3ace61825f4ca9dd3481d6c0ee6709fa8 | affected |
| Linux | Linux | 6.1 | affected |
| Linux | Linux | 0 < 6.1 | unaffected |
| Linux | Linux | 6.1.11 <= 6.1.* | unaffected |
| Linux | Linux | 6.2 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/23676ecd2eb377f7c24a6ff578b0f4c7135658b6
- https://git.kernel.org/stable/c/8f9c4b2a3b132bf6698e477aba6ee194b40c75f4
- https://git.kernel.org/stable/c/39708bc8da7858de0bed9b3a88b3beb1d1e0b443
- https://git.kernel.org/stable/c/560181d3ace61825f4ca9dd3481d6c0ee6709fa8
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.