| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091603-CVE-2023-53271-5054@gregkh> Date: Tue, 16 Sep 2025 10:07:09 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53271: ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume() There is a memory leaks problem reported by kmemleak: unreferenced object 0xffff888102007a00 (size 128): comm "ubirsvol", pid 32090, jiffies 4298464136 (age 2361.231s) hex dump (first 32 bytes): ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ backtrace: [<ffffffff8176cecd>] __kmalloc+0x4d/0x150 [<ffffffffa02a9a36>] ubi_eba_create_table+0x76/0x170 [ubi] [<ffffffffa029764e>] ubi_resize_volume+0x1be/0xbc0 [ubi] [<ffffffffa02a3321>] ubi_cdev_ioctl+0x701/0x1850 [ubi] [<ffffffff81975d2d>] __x64_sys_ioctl+0x11d/0x170 [<ffffffff83c142a5>] do_syscall_64+0x35/0x80 [<ffffffff83e0006a>] entry_SYSCALL_64_after_hwframe+0x46/0xb0 This is due to a mismatch between create and destroy interfaces, and in detail that "new_eba_tbl" created by ubi_eba_create_table() but destroyed by kfree(), while will causing "new_eba_tbl->entries" not freed. Fix it by replacing kfree(new_eba_tbl) with ubi_eba_destroy_table(new_eba_tbl) The Linux kernel CVE team has assigned CVE-2023-53271 to this issue. Affected and fixed versions =========================== Issue introduced in 4.9 with commit 799dca34ac543485f581bd8464ec9b1c4f0f852a and fixed in 4.14.308 with commit 09780a44093b53f9cbca76246af2e4ff0884e512 Issue introduced in 4.9 with commit 799dca34ac543485f581bd8464ec9b1c4f0f852a and fixed in 4.19.276 with commit 26ec2d66aecab8ff997b912c20247fedba4f5740 Issue introduced in 4.9 with commit 799dca34ac543485f581bd8464ec9b1c4f0f852a and fixed in 5.4.235 with commit 07b60f7452d2fa731737552937cb81821919f874 Issue introduced in 4.9 with commit 799dca34ac543485f581bd8464ec9b1c4f0f852a and fixed in 5.10.173 with commit 31d60afe2cc2b712dbefcaab6b7d6a47036f844e Issue introduced in 4.9 with commit 799dca34ac543485f581bd8464ec9b1c4f0f852a and fixed in 5.15.100 with commit 95a72417dd13ebcdcb1bd0c5d4d15f7c5bfbb288 Issue introduced in 4.9 with commit 799dca34ac543485f581bd8464ec9b1c4f0f852a and fixed in 6.1.18 with commit 27b760b81951d8d5e5c952a696af8574052b0709 Issue introduced in 4.9 with commit 799dca34ac543485f581bd8464ec9b1c4f0f852a and fixed in 6.2.5 with commit 5c0c81a313492b83bd0c038b8839b0e04eb87563 Issue introduced in 4.9 with commit 799dca34ac543485f581bd8464ec9b1c4f0f852a and fixed in 6.3 with commit 1e591ea072df7211f64542a09482b5f81cb3ad27 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53271 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/mtd/ubi/vmt.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/09780a44093b53f9cbca76246af2e4ff0884e512 https://git.kernel.org/stable/c/26ec2d66aecab8ff997b912c20247fedba4f5740 https://git.kernel.org/stable/c/07b60f7452d2fa731737552937cb81821919f874 https://git.kernel.org/stable/c/31d60afe2cc2b712dbefcaab6b7d6a47036f844e https://git.kernel.org/stable/c/95a72417dd13ebcdcb1bd0c5d4d15f7c5bfbb288 https://git.kernel.org/stable/c/27b760b81951d8d5e5c952a696af8574052b0709 https://git.kernel.org/stable/c/5c0c81a313492b83bd0c038b8839b0e04eb87563 https://git.kernel.org/stable/c/1e591ea072df7211f64542a09482b5f81cb3ad27
Powered by blists - more mailing lists