| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025100132-CVE-2023-53518-64e1@gregkh> Date: Wed, 1 Oct 2025 13:46:10 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53518: PM / devfreq: Fix leak in devfreq_dev_release() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Fix leak in devfreq_dev_release() srcu_init_notifier_head() allocates resources that need to be released with a srcu_cleanup_notifier_head() call. Reported by kmemleak. The Linux kernel CVE team has assigned CVE-2023-53518 to this issue. Affected and fixed versions =========================== Issue introduced in 4.7 with commit 0fe3a66410a3ba96679be903f1e287d7a0a264a9 and fixed in 4.14.326 with commit 7462483446cb9986568ad7adae746ce5f18d2968 Issue introduced in 4.7 with commit 0fe3a66410a3ba96679be903f1e287d7a0a264a9 and fixed in 4.19.295 with commit 64e6e0dc2d578c0a9e31cb4edd719f0a3ed98f6d Issue introduced in 4.7 with commit 0fe3a66410a3ba96679be903f1e287d7a0a264a9 and fixed in 5.4.257 with commit 29811f4b8255d4238cf326f3bb7129784766beab Issue introduced in 4.7 with commit 0fe3a66410a3ba96679be903f1e287d7a0a264a9 and fixed in 5.10.195 with commit ab192e5e5d3b48415909a8408acfd007a607bcc0 Issue introduced in 4.7 with commit 0fe3a66410a3ba96679be903f1e287d7a0a264a9 and fixed in 5.15.132 with commit 111bafa210ae546bee7644be730c42df9c35b66e Issue introduced in 4.7 with commit 0fe3a66410a3ba96679be903f1e287d7a0a264a9 and fixed in 6.1.53 with commit 8918025feb2f5f7c73f2495c158f22997e25cb02 Issue introduced in 4.7 with commit 0fe3a66410a3ba96679be903f1e287d7a0a264a9 and fixed in 6.4.16 with commit 1640e9c72173911ad0fddb05012c01eafe082c4e Issue introduced in 4.7 with commit 0fe3a66410a3ba96679be903f1e287d7a0a264a9 and fixed in 6.5.3 with commit 3354c401c68d70567d1ef25d12f4e22a7813a3c6 Issue introduced in 4.7 with commit 0fe3a66410a3ba96679be903f1e287d7a0a264a9 and fixed in 6.6 with commit 5693d077595de721f9ddbf9d37f40e5409707dfe Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53518 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/devfreq/devfreq.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/7462483446cb9986568ad7adae746ce5f18d2968 https://git.kernel.org/stable/c/64e6e0dc2d578c0a9e31cb4edd719f0a3ed98f6d https://git.kernel.org/stable/c/29811f4b8255d4238cf326f3bb7129784766beab https://git.kernel.org/stable/c/ab192e5e5d3b48415909a8408acfd007a607bcc0 https://git.kernel.org/stable/c/111bafa210ae546bee7644be730c42df9c35b66e https://git.kernel.org/stable/c/8918025feb2f5f7c73f2495c158f22997e25cb02 https://git.kernel.org/stable/c/1640e9c72173911ad0fddb05012c01eafe082c4e https://git.kernel.org/stable/c/3354c401c68d70567d1ef25d12f4e22a7813a3c6 https://git.kernel.org/stable/c/5693d077595de721f9ddbf9d37f40e5409707dfe
Powered by blists - more mailing lists