| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091859-CVE-2023-53443-6815@gregkh> Date: Thu, 18 Sep 2025 18:04:34 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53443: mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak In arizona_clk32k_enable(), we should use pm_runtime_resume_and_get() as pm_runtime_get_sync() will increase the refcnt even when it returns an error. The Linux kernel CVE team has assigned CVE-2023-53443 to this issue. Affected and fixed versions =========================== Fixed in 5.4.235 with commit 7195e642b49af60d4120fa1b45bd812ba528174f Fixed in 5.10.173 with commit 754e81ff44061dda68da0fd4ef51bd1aa9fbf2cf Fixed in 5.15.100 with commit 5a47bb71b1a94a279144fc3031d3c4591b38dd16 Fixed in 6.1.18 with commit 9893771097b22a8743a446e45994a177795ca4da Fixed in 6.2.5 with commit dc9437e9889c3dacf1f320e3cf08da74127573fe Fixed in 6.3 with commit 4414a7ab80cebf715045e3c4d465feefbad21139 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53443 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/mfd/arizona-core.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/7195e642b49af60d4120fa1b45bd812ba528174f https://git.kernel.org/stable/c/754e81ff44061dda68da0fd4ef51bd1aa9fbf2cf https://git.kernel.org/stable/c/5a47bb71b1a94a279144fc3031d3c4591b38dd16 https://git.kernel.org/stable/c/9893771097b22a8743a446e45994a177795ca4da https://git.kernel.org/stable/c/dc9437e9889c3dacf1f320e3cf08da74127573fe https://git.kernel.org/stable/c/4414a7ab80cebf715045e3c4d465feefbad21139
Powered by blists - more mailing lists