CVE-2023-53379

Summary

In the Linux kernel, the following vulnerability has been resolved:

usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe()

Smatch reports: drivers/usb/phy/phy-tahvo.c: tahvo_usb_probe() warn: missing unwind goto?

After geting irq, if ret < 0, it will return without error handling to free memory. Just add error handling to fix this problem.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux3f06415418f37ac602e71a61ee83ea43553e6bbd < 3e5a7bebf832b1482efe27bcc15a88c5b28a30d0affected
LinuxLinux5e2d2f05204f7ab9c645a1fb9f10a3f6393dd2fa < 4da9edeccf77d7b4c6dbcb34d5908acdaa5bd7e3affected
LinuxLinux606668e24a0d7fd262e2326d76bb60b965fe713f < fe9cdc19861950582f077f254a12026e169eaee5affected
LinuxLinux494629ba62a961de1f2dd0b7125878acb27b8043 < 56901de563359de20513e16a9ae008ae2c22e9a9affected
LinuxLinux0d45a1373e669880b8beaecc8765f44cb0241e47 < ecf26d6e1b5450620c214feea537bb6ce05c6741affected
LinuxLinux0d45a1373e669880b8beaecc8765f44cb0241e47 < dd9b7c89a80428cc5f4ae0d2e1311fdedb2a1aacaffected
LinuxLinux0d45a1373e669880b8beaecc8765f44cb0241e47 < 38dbd6f72bfbeba009efe0e9ec1f3ff09f9e23faaffected
LinuxLinux0d45a1373e669880b8beaecc8765f44cb0241e47 < 342161c11403ea00e9febc16baab1d883d589d04affected
LinuxLinux62e663c172115b9e26a0856508db6277871a7c32affected
LinuxLinux4eab21911d5d6a3377b8965b9fb06463b248fe6baffected
LinuxLinuxdcf379ea4e93b8ea23d628db68ae953b26d63af1affected
LinuxLinuxb45f0d0105a0f50e681dc8fac4b32e1192de34f2affected
LinuxLinux4.14.247 < 4.14.322affected
LinuxLinux4.19.207 < 4.19.291affected
LinuxLinux5.4.146 < 5.4.251affected
LinuxLinux5.10.65 < 5.10.188affected
LinuxLinux4.4.284 < 4.5affected
LinuxLinux4.9.283 < 4.10affected
LinuxLinux5.13.17 < 5.14affected
LinuxLinux5.14.4 < 5.15affected
LinuxLinux5.15affected
LinuxLinux0 < 5.15unaffected
LinuxLinux4.14.322 <= 4.14.*unaffected
LinuxLinux4.19.291 <= 4.19.*unaffected
LinuxLinux5.4.251 <= 5.4.*unaffected
LinuxLinux5.10.188 <= 5.10.*unaffected
LinuxLinux5.15.121 <= 5.15.*unaffected
LinuxLinux6.1.39 <= 6.1.*unaffected
LinuxLinux6.4.4 <= 6.4.*unaffected
LinuxLinux6.5 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References