Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix memory leak of device names The device names allocated by dev_set_name() need be freed before module unloading, but they can not be freed because the kobject's refcount which was set in device_initialize() has not be decreased to 0. As comment of device_add() says, if it fails, use only put_device() drop the refcount, then the name will be freed in kobejct_cleanup(). device_del() and put_device() can be replaced with device_unregister(), so call it to unregister the added successfully devices, and just call put_device() to the not added device. Add a release() function to device to avoid null release() function WARNING in device_release(), it's empty, because the context devices are freed together in host1x_memory_context_list_free().
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 6.0, < 6.1.28 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/3ab0f5ddb761270b11d8c90b8550a59666cfc9bbPatch
- https://git.kernel.org/stable/c/55879dad0f3ae8468444b42f785ad79eac05fe5bPatch
- https://git.kernel.org/stable/c/958c6cbc32996c375af42db96ceba021a1959899Patch
- https://git.kernel.org/stable/c/dba1aeaaf3d0e2f996cb0a5609e5e85ecf405a5cPatch
FAQ
What is CVE-2023-53514?
CVE-2023-53514 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix memory leak of device names The device names allocated by dev_set_name() need be freed before module unloading, b...
How severe is CVE-2023-53514?
CVE-2023-53514 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-53514?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.