| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091502-CVE-2023-53249-aab7@gregkh> Date: Mon, 15 Sep 2025 16:46:24 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53249: clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe Use devm_of_iomap() instead of of_iomap() to automatically handle the unused ioremap region. If any error occurs, regions allocated by kzalloc() will leak, but using devm_kzalloc() instead will automatically free the memory using devm_kfree(). The Linux kernel CVE team has assigned CVE-2023-53249 to this issue. Affected and fixed versions =========================== Issue introduced in 5.4 with commit 96d6392b54dbb1ff2b39448a2516fa6abb33114b and fixed in 5.10.188 with commit 294321349bd3b0680847fc2bbe66b9ab3e522fea Issue introduced in 5.4 with commit 96d6392b54dbb1ff2b39448a2516fa6abb33114b and fixed in 5.15.121 with commit 50b5ddde8fad5f0ffd239029d0956af633a0f9b1 Issue introduced in 5.4 with commit 96d6392b54dbb1ff2b39448a2516fa6abb33114b and fixed in 6.1.39 with commit 9ba3693b0350b154fdd7830559bbc7b04c067096 Issue introduced in 5.4 with commit 96d6392b54dbb1ff2b39448a2516fa6abb33114b and fixed in 6.3.13 with commit 9428cf0fbf4be9a24f3e15a0c166b861b12666af Issue introduced in 5.4 with commit 96d6392b54dbb1ff2b39448a2516fa6abb33114b and fixed in 6.4.4 with commit d4fa5e47af1e7bb2bbcaac062b14216c00e92148 Issue introduced in 5.4 with commit 96d6392b54dbb1ff2b39448a2516fa6abb33114b and fixed in 6.5 with commit 188d070de9132667956f5aadd98d2bd87d3eac89 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53249 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/clk/imx/clk-imx8mn.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/294321349bd3b0680847fc2bbe66b9ab3e522fea https://git.kernel.org/stable/c/50b5ddde8fad5f0ffd239029d0956af633a0f9b1 https://git.kernel.org/stable/c/9ba3693b0350b154fdd7830559bbc7b04c067096 https://git.kernel.org/stable/c/9428cf0fbf4be9a24f3e15a0c166b861b12666af https://git.kernel.org/stable/c/d4fa5e47af1e7bb2bbcaac062b14216c00e92148 https://git.kernel.org/stable/c/188d070de9132667956f5aadd98d2bd87d3eac89
Powered by blists - more mailing lists