CVE-2023-54091

Summary

In the Linux kernel, the following vulnerability has been resolved:

drm/client: Fix memory leak in drm_client_target_cloned

dmt_mode is allocated and never freed in this function. It was found with the ast driver, but most drivers using generic fbdev setup are probably affected.

This fixes the following kmemleak report: backtrace: [<00000000b391296d>] drm_mode_duplicate+0x45/0x220 [drm] [<00000000e45bb5b3>] drm_client_target_cloned.constprop.0+0x27b/0x480 [drm] [<00000000ed2d3a37>] drm_client_modeset_probe+0x6bd/0xf50 [drm] [<0000000010e5cc9d>] __drm_fb_helper_initial_config_and_unlock+0xb4/0x2c0 [drm_kms_helper] [<00000000909f82ca>] drm_fbdev_client_hotplug+0x2bc/0x4d0 [drm_kms_helper] [<00000000063a69aa>] drm_client_register+0x169/0x240 [drm] [<00000000a8c61525>] ast_pci_probe+0x142/0x190 [ast] [<00000000987f19bb>] local_pci_probe+0xdc/0x180 [<000000004fca231b>] work_for_cpu_fn+0x4e/0xa0 [<0000000000b85301>] process_one_work+0x8b7/0x1540 [<000000003375b17c>] worker_thread+0x70a/0xed0 [<00000000b0d43cd9>] kthread+0x29f/0x340 [<000000008d770833>] ret_from_fork+0x1f/0x30 unreferenced object 0xff11000333089a00 (size 128):

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1d42bbc8f7f9ce4d852692ef7aa336b133b0830a < d3009700f48602b557eade1f22c98b6bc20247e8affected
LinuxLinux1d42bbc8f7f9ce4d852692ef7aa336b133b0830a < a4b978249e8fa94956fce8b70a709f7797716f62affected
LinuxLinux1d42bbc8f7f9ce4d852692ef7aa336b133b0830a < 52daf6ba2e0d201640cb1ce42049c5c4426b4d6eaffected
LinuxLinux1d42bbc8f7f9ce4d852692ef7aa336b133b0830a < 105275879a80503686a8108af2f5c579a1c5aef4affected
LinuxLinux1d42bbc8f7f9ce4d852692ef7aa336b133b0830a < a85e23a1ef63e45a18f0a30d7816fcb4a865ca95affected
LinuxLinux1d42bbc8f7f9ce4d852692ef7aa336b133b0830a < b5359d7a5087ac398fc429da6833133b4784c268affected
LinuxLinux1d42bbc8f7f9ce4d852692ef7aa336b133b0830a < 4b596a6e2d2e0f9c14e4122506dd715f43fcd727affected
LinuxLinux1d42bbc8f7f9ce4d852692ef7aa336b133b0830a < c2a88e8bdf5f6239948d75283d0ae7e0c7945b03affected
LinuxLinux2.6.35affected
LinuxLinux0 < 2.6.35unaffected
LinuxLinux4.14.322 <= 4.14.*unaffected
LinuxLinux4.19.291 <= 4.19.*unaffected
LinuxLinux5.4.251 <= 5.4.*unaffected
LinuxLinux5.10.188 <= 5.10.*unaffected
LinuxLinux5.15.123 <= 5.15.*unaffected
LinuxLinux6.1.42 <= 6.1.*unaffected
LinuxLinux6.4.7 <= 6.4.*unaffected
LinuxLinux6.5 <= *unaffected

Weaknesses

References