| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025102214-CVE-2023-53719-ad4c@gregkh> Date: Wed, 22 Oct 2025 15:24:58 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53719: serial: arc_uart: fix of_iomap leak in `arc_serial_probe` From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: serial: arc_uart: fix of_iomap leak in `arc_serial_probe` Smatch reports: drivers/tty/serial/arc_uart.c:631 arc_serial_probe() warn: 'port->membase' from of_iomap() not released on lines: 631. In arc_serial_probe(), if uart_add_one_port() fails, port->membase is not released, which would cause a resource leak. To fix this, I replace of_iomap with devm_platform_ioremap_resource. The Linux kernel CVE team has assigned CVE-2023-53719 to this issue. Affected and fixed versions =========================== Issue introduced in 3.17 with commit 8dbe1d5e09a7faec8d22cadcc1011acab8fa6e2a and fixed in 4.19.284 with commit 3f00df24a5021a6f02c1830a290acd4bceb22a2d Issue introduced in 3.17 with commit 8dbe1d5e09a7faec8d22cadcc1011acab8fa6e2a and fixed in 5.4.244 with commit 7525aa211758cc023a371e010d16ceaae1057807 Issue introduced in 3.17 with commit 8dbe1d5e09a7faec8d22cadcc1011acab8fa6e2a and fixed in 5.10.181 with commit 153017561d2804cfae87cc9aa377aa84dd906ae1 Issue introduced in 3.17 with commit 8dbe1d5e09a7faec8d22cadcc1011acab8fa6e2a and fixed in 5.15.113 with commit f76a18e53a66c0ef2938276110717b3805720cd9 Issue introduced in 3.17 with commit 8dbe1d5e09a7faec8d22cadcc1011acab8fa6e2a and fixed in 6.1.30 with commit 081790eee6b47389a0d895262086d64c6a38d6e5 Issue introduced in 3.17 with commit 8dbe1d5e09a7faec8d22cadcc1011acab8fa6e2a and fixed in 6.3.4 with commit 40a462313ba4f337a2b419e7fb4a670f3dd95e14 Issue introduced in 3.17 with commit 8dbe1d5e09a7faec8d22cadcc1011acab8fa6e2a and fixed in 6.4 with commit 8ab5fc55d7f65d58a3c3aeadf11bdf60267cd2bd Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53719 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/tty/serial/arc_uart.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/3f00df24a5021a6f02c1830a290acd4bceb22a2d https://git.kernel.org/stable/c/7525aa211758cc023a371e010d16ceaae1057807 https://git.kernel.org/stable/c/153017561d2804cfae87cc9aa377aa84dd906ae1 https://git.kernel.org/stable/c/f76a18e53a66c0ef2938276110717b3805720cd9 https://git.kernel.org/stable/c/081790eee6b47389a0d895262086d64c6a38d6e5 https://git.kernel.org/stable/c/40a462313ba4f337a2b419e7fb4a670f3dd95e14 https://git.kernel.org/stable/c/8ab5fc55d7f65d58a3c3aeadf11bdf60267cd2bd
Powered by blists - more mailing lists