| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091515-CVE-2023-53234-5a07@gregkh>
Date: Mon, 15 Sep 2025 16:22:08 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2023-53234: watchdog: Fix kmemleak in watchdog_cdev_register
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
watchdog: Fix kmemleak in watchdog_cdev_register
kmemleak reports memory leaks in watchdog_dev_register, as follows:
unreferenced object 0xffff888116233000 (size 2048):
comm ""modprobe"", pid 28147, jiffies 4353426116 (age 61.741s)
hex dump (first 32 bytes):
80 fa b9 05 81 88 ff ff 08 30 23 16 81 88 ff ff .........0#.....
08 30 23 16 81 88 ff ff 00 00 00 00 00 00 00 00 .0#.............
backtrace:
[<000000007f001ffd>] __kmem_cache_alloc_node+0x157/0x220
[<000000006a389304>] kmalloc_trace+0x21/0x110
[<000000008d640eea>] watchdog_dev_register+0x4e/0x780 [watchdog]
[<0000000053c9f248>] __watchdog_register_device+0x4f0/0x680 [watchdog]
[<00000000b2979824>] watchdog_register_device+0xd2/0x110 [watchdog]
[<000000001f730178>] 0xffffffffc10880ae
[<000000007a1a8bcc>] do_one_initcall+0xcb/0x4d0
[<00000000b98be325>] do_init_module+0x1ca/0x5f0
[<0000000046d08e7c>] load_module+0x6133/0x70f0
...
unreferenced object 0xffff888105b9fa80 (size 16):
comm ""modprobe"", pid 28147, jiffies 4353426116 (age 61.741s)
hex dump (first 16 bytes):
77 61 74 63 68 64 6f 67 31 00 b9 05 81 88 ff ff watchdog1.......
backtrace:
[<000000007f001ffd>] __kmem_cache_alloc_node+0x157/0x220
[<00000000486ab89b>] __kmalloc_node_track_caller+0x44/0x1b0
[<000000005a39aab0>] kvasprintf+0xb5/0x140
[<0000000024806f85>] kvasprintf_const+0x55/0x180
[<000000009276cb7f>] kobject_set_name_vargs+0x56/0x150
[<00000000a92e820b>] dev_set_name+0xab/0xe0
[<00000000cec812c6>] watchdog_dev_register+0x285/0x780 [watchdog]
[<0000000053c9f248>] __watchdog_register_device+0x4f0/0x680 [watchdog]
[<00000000b2979824>] watchdog_register_device+0xd2/0x110 [watchdog]
[<000000001f730178>] 0xffffffffc10880ae
[<000000007a1a8bcc>] do_one_initcall+0xcb/0x4d0
[<00000000b98be325>] do_init_module+0x1ca/0x5f0
[<0000000046d08e7c>] load_module+0x6133/0x70f0
...
The reason is that put_device is not be called if cdev_device_add fails
and wdd->id != 0.
watchdog_cdev_register
wd_data = kzalloc [1]
err = dev_set_name [2]
..
err = cdev_device_add
if (err) {
if (wdd->id == 0) { // wdd->id != 0
..
}
return err; // [1],[2] would be leaked
To fix it, call put_device in all wdd->id cases.
The Linux kernel CVE team has assigned CVE-2023-53234 to this issue.
Affected and fixed versions
===========================
Issue introduced in 4.14.182 with commit 450caf1faa0d7bbbd1da93d3ee8c5edea7bc51a8 and fixed in 4.14.308 with commit bf26b0e430ce34261f45959989edaf680b64d538
Issue introduced in 4.19.93 with commit f4c36f1999745c2160422fe2f362deadbe3a136b and fixed in 4.19.276 with commit 8c1655600f4f2839fb844fe8c70b2b65fadc7a56
Issue introduced in 5.4.8 with commit ca7851d46de8a8d69022c4e5feed0820483b5f46 and fixed in 5.4.235 with commit 59e391b3fc507a15b7e8e9d9f4de87cae177c366
Issue introduced in 5.5 with commit 72139dfa2464e43957d330266994740bb7be2535 and fixed in 5.10.173 with commit c5a21a5501508ae3afa2fe6d5a3e74a37fa48df3
Issue introduced in 5.5 with commit 72139dfa2464e43957d330266994740bb7be2535 and fixed in 5.15.100 with commit 23cc41c3f19c4d858c3708f1c0a06e94958e6c3b
Issue introduced in 5.5 with commit 72139dfa2464e43957d330266994740bb7be2535 and fixed in 6.1.18 with commit ac099d94e0480c937aa9172ab64074981ca1a4d3
Issue introduced in 5.5 with commit 72139dfa2464e43957d330266994740bb7be2535 and fixed in 6.2.5 with commit 50808d034e199fe3ff7a9d2068a4eebeb6b4098a
Issue introduced in 5.5 with commit 72139dfa2464e43957d330266994740bb7be2535 and fixed in 6.3 with commit 13721a2ac66b246f5802ba1b75ad8637e53eeecc
Issue introduced in 4.9.225 with commit f76905ce52653e8a821963c35d9013cff19b1399
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2023-53234
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/watchdog/watchdog_dev.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/bf26b0e430ce34261f45959989edaf680b64d538
https://git.kernel.org/stable/c/8c1655600f4f2839fb844fe8c70b2b65fadc7a56
https://git.kernel.org/stable/c/59e391b3fc507a15b7e8e9d9f4de87cae177c366
https://git.kernel.org/stable/c/c5a21a5501508ae3afa2fe6d5a3e74a37fa48df3
https://git.kernel.org/stable/c/23cc41c3f19c4d858c3708f1c0a06e94958e6c3b
https://git.kernel.org/stable/c/ac099d94e0480c937aa9172ab64074981ca1a4d3
https://git.kernel.org/stable/c/50808d034e199fe3ff7a9d2068a4eebeb6b4098a
https://git.kernel.org/stable/c/13721a2ac66b246f5802ba1b75ad8637e53eeecc
Powered by blists - more mailing lists