CVE-2023-53225

Summary

In the Linux kernel, the following vulnerability has been resolved:

spi: imx: Don't skip cleanup in remove's error path

Returning early in a platform driver's remove callback is wrong. In this case the dma resources are not released in the error path. this is never retried later and so this is a permanent leak. To fix this, only skip hardware disabling if waking the device fails.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxd593574aff0ab846136190b1729c151c736727ec < aa93a46f998a9069368026ac52bba96868c59157affected
LinuxLinuxd593574aff0ab846136190b1729c151c736727ec < f90822ad63d11301e425311dac0c8e12ca1737b8affected
LinuxLinuxd593574aff0ab846136190b1729c151c736727ec < 6d16305a1535873e0a8a8ae92ea2d9106ec2d7dfaffected
LinuxLinuxd593574aff0ab846136190b1729c151c736727ec < 57a463226638f1ceabbb029cbd21b0c94640f1b5affected
LinuxLinuxd593574aff0ab846136190b1729c151c736727ec < b64cb3f085fed296103c91f0db6acad30a021b36affected
LinuxLinuxd593574aff0ab846136190b1729c151c736727ec < 11951c9e3f364d7ae3b568a0e52c8335d43066b5affected
LinuxLinuxfc58a98f1c98b22d31c53913cca38d5c43807cb4affected
LinuxLinux28ae79a518421348abfc2a2dffd6a6b6e3699476affected
LinuxLinuxb6aaaaed67b170a9841f0f598cd45ccbfe76e15eaffected
LinuxLinuxf84a8d446a16379df5844bc2bd50f0b7431a4718affected
LinuxLinux1333c3e996eb799286ee2ef2c01752da45bf926faffected
LinuxLinuxcfd96cbd607ab5d63a33cd63673221f4d572ea8caffected
LinuxLinuxbac4bf53ca7c65d6c06808aab70c6caa0b9c78b9affected
LinuxLinux3.16.57 < 3.17affected
LinuxLinux3.18.94 < 3.19affected
LinuxLinux4.1.50 < 4.2affected
LinuxLinux4.4.115 < 4.5affected
LinuxLinux4.9.80 < 4.10affected
LinuxLinux4.14.17 < 4.15affected
LinuxLinux4.15.1 < 4.16affected
LinuxLinux4.16affected
LinuxLinux0 < 4.16unaffected
LinuxLinux5.10.180 <= 5.10.*unaffected
LinuxLinux5.15.111 <= 5.15.*unaffected
LinuxLinux6.1.28 <= 6.1.*unaffected
LinuxLinux6.2.15 <= 6.2.*unaffected
LinuxLinux6.3.2 <= 6.3.*unaffected
LinuxLinux6.4 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References