| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025100131-CVE-2023-53514-bcd5@gregkh> Date: Wed, 1 Oct 2025 13:46:06 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53514: gpu: host1x: Fix memory leak of device names From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix memory leak of device names The device names allocated by dev_set_name() need be freed before module unloading, but they can not be freed because the kobject's refcount which was set in device_initialize() has not be decreased to 0. As comment of device_add() says, if it fails, use only put_device() drop the refcount, then the name will be freed in kobejct_cleanup(). device_del() and put_device() can be replaced with device_unregister(), so call it to unregister the added successfully devices, and just call put_device() to the not added device. Add a release() function to device to avoid null release() function WARNING in device_release(), it's empty, because the context devices are freed together in host1x_memory_context_list_free(). The Linux kernel CVE team has assigned CVE-2023-53514 to this issue. Affected and fixed versions =========================== Issue introduced in 6.0 with commit 8aa5bcb61612060429223d1fbb7a1c30a579fc1f and fixed in 6.1.28 with commit 958c6cbc32996c375af42db96ceba021a1959899 Issue introduced in 6.0 with commit 8aa5bcb61612060429223d1fbb7a1c30a579fc1f and fixed in 6.2.15 with commit dba1aeaaf3d0e2f996cb0a5609e5e85ecf405a5c Issue introduced in 6.0 with commit 8aa5bcb61612060429223d1fbb7a1c30a579fc1f and fixed in 6.3.2 with commit 3ab0f5ddb761270b11d8c90b8550a59666cfc9bb Issue introduced in 6.0 with commit 8aa5bcb61612060429223d1fbb7a1c30a579fc1f and fixed in 6.4 with commit 55879dad0f3ae8468444b42f785ad79eac05fe5b Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53514 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/gpu/host1x/context.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/958c6cbc32996c375af42db96ceba021a1959899 https://git.kernel.org/stable/c/dba1aeaaf3d0e2f996cb0a5609e5e85ecf405a5c https://git.kernel.org/stable/c/3ab0f5ddb761270b11d8c90b8550a59666cfc9bb https://git.kernel.org/stable/c/55879dad0f3ae8468444b42f785ad79eac05fe5b
Powered by blists - more mailing lists