| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025100441-CVE-2023-53533-7fbb@gregkh> Date: Sat, 4 Oct 2025 17:16:47 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53533: Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe rpi_firmware_get() take reference, we need to release it in error paths as well. Use devm_rpi_firmware_get() helper to handling the resources. Also remove the existing rpi_firmware_put(). The Linux kernel CVE team has assigned CVE-2023-53533 to this issue. Affected and fixed versions =========================== Issue introduced in 5.0 with commit 0b9f28fed3f70ff9a0380fe308739dd72a30a6f6 and fixed in 5.4.243 with commit 1dfa3c9dd27bdc347733d06e980395768520bc3e Issue introduced in 5.0 with commit 0b9f28fed3f70ff9a0380fe308739dd72a30a6f6 and fixed in 5.10.180 with commit 0d6a5c9489c8a3d434e685066119c4333476dccd Issue introduced in 5.0 with commit 0b9f28fed3f70ff9a0380fe308739dd72a30a6f6 and fixed in 5.15.111 with commit 7acad58049acc6ac148e8b613a6eceeca4bcb4a7 Issue introduced in 5.0 with commit 0b9f28fed3f70ff9a0380fe308739dd72a30a6f6 and fixed in 6.1.28 with commit 36d087e49dabd28d2c13a7532dac72d625ce69fb Issue introduced in 5.0 with commit 0b9f28fed3f70ff9a0380fe308739dd72a30a6f6 and fixed in 6.2.15 with commit 9dbbe9db224c23a60dc7b1e00c701be93328c873 Issue introduced in 5.0 with commit 0b9f28fed3f70ff9a0380fe308739dd72a30a6f6 and fixed in 6.3.2 with commit 9216aa5cfd86809a2681be3683cd9ac30432de0c Issue introduced in 5.0 with commit 0b9f28fed3f70ff9a0380fe308739dd72a30a6f6 and fixed in 6.4 with commit 5bca3688bdbc3b58a2894b8671a8e2378efe28bd Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53533 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/input/touchscreen/raspberrypi-ts.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/1dfa3c9dd27bdc347733d06e980395768520bc3e https://git.kernel.org/stable/c/0d6a5c9489c8a3d434e685066119c4333476dccd https://git.kernel.org/stable/c/7acad58049acc6ac148e8b613a6eceeca4bcb4a7 https://git.kernel.org/stable/c/36d087e49dabd28d2c13a7532dac72d625ce69fb https://git.kernel.org/stable/c/9dbbe9db224c23a60dc7b1e00c701be93328c873 https://git.kernel.org/stable/c/9216aa5cfd86809a2681be3683cd9ac30432de0c https://git.kernel.org/stable/c/5bca3688bdbc3b58a2894b8671a8e2378efe28bd
Powered by blists - more mailing lists