| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091555-CVE-2023-53174-ed92@gregkh> Date: Mon, 15 Sep 2025 16:02:28 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53174: scsi: core: Fix possible memory leak if device_add() fails From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix possible memory leak if device_add() fails If device_add() returns error, the name allocated by dev_set_name() needs be freed. As the comment of device_add() says, put_device() should be used to decrease the reference count in the error path. So fix this by calling put_device(), then the name can be freed in kobject_cleanp(). The Linux kernel CVE team has assigned CVE-2023-53174 to this issue. Affected and fixed versions =========================== Issue introduced in 2.6.26 with commit ee959b00c335d7780136c5abda37809191fe52c3 and fixed in 4.14.323 with commit 63956ad27a6882f01fea7c69e17823090f4c7b3f Issue introduced in 2.6.26 with commit ee959b00c335d7780136c5abda37809191fe52c3 and fixed in 4.19.292 with commit 06c5340858011aa1195aec43a776e3185fbf7f56 Issue introduced in 2.6.26 with commit ee959b00c335d7780136c5abda37809191fe52c3 and fixed in 5.4.254 with commit e12fac07f61caac9c5b186d827658b3470787619 Issue introduced in 2.6.26 with commit ee959b00c335d7780136c5abda37809191fe52c3 and fixed in 5.10.191 with commit aa9a76d5ffdecd3b52ac333eb89361b0c9fe04e8 Issue introduced in 2.6.26 with commit ee959b00c335d7780136c5abda37809191fe52c3 and fixed in 5.15.127 with commit 6bc7f4c8c27d526f968788b8a985896755b1df35 Issue introduced in 2.6.26 with commit ee959b00c335d7780136c5abda37809191fe52c3 and fixed in 6.1.46 with commit b191ff1f075c4875f11271cbf0093e6e044a12aa Issue introduced in 2.6.26 with commit ee959b00c335d7780136c5abda37809191fe52c3 and fixed in 6.4.11 with commit 43c0e16d0c5ec59398b405f4c4aa5a076e656c3f Issue introduced in 2.6.26 with commit ee959b00c335d7780136c5abda37809191fe52c3 and fixed in 6.5 with commit 04b5b5cb0136ce970333a9c6cec7e46adba1ea3a Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53174 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/scsi/raid_class.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/63956ad27a6882f01fea7c69e17823090f4c7b3f https://git.kernel.org/stable/c/06c5340858011aa1195aec43a776e3185fbf7f56 https://git.kernel.org/stable/c/e12fac07f61caac9c5b186d827658b3470787619 https://git.kernel.org/stable/c/aa9a76d5ffdecd3b52ac333eb89361b0c9fe04e8 https://git.kernel.org/stable/c/6bc7f4c8c27d526f968788b8a985896755b1df35 https://git.kernel.org/stable/c/b191ff1f075c4875f11271cbf0093e6e044a12aa https://git.kernel.org/stable/c/43c0e16d0c5ec59398b405f4c4aa5a076e656c3f https://git.kernel.org/stable/c/04b5b5cb0136ce970333a9c6cec7e46adba1ea3a
Powered by blists - more mailing lists