| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025120953-CVE-2023-53830-7785@gregkh> Date: Tue, 9 Dec 2025 10:31:14 +0900 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53830: platform/x86: think-lmi: Fix memory leak when showing current settings From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix memory leak when showing current settings When retriving a item string with tlmi_setting(), the result has to be freed using kfree(). In current_value_show() however, malformed item strings are not freed, causing a memory leak. Fix this by eliminating the early return responsible for this. The Linux kernel CVE team has assigned CVE-2023-53830 to this issue. Affected and fixed versions =========================== Issue introduced in 5.14 with commit 0fdf10e5fc964c315cf131a2eaab9cc531a9f40f and fixed in 5.15.107 with commit b9396d991abe8d1ac31a043274ab20b49f92c2e6 Issue introduced in 5.14 with commit 0fdf10e5fc964c315cf131a2eaab9cc531a9f40f and fixed in 6.1.24 with commit 9071525bfcb1f5674117dbed3eca0cd7b122813b Issue introduced in 5.14 with commit 0fdf10e5fc964c315cf131a2eaab9cc531a9f40f and fixed in 6.2.11 with commit 5f99014c19fa50a5719c0bb78143282632675893 Issue introduced in 5.14 with commit 0fdf10e5fc964c315cf131a2eaab9cc531a9f40f and fixed in 6.3 with commit a3c4c053014585dcf20f4df954791b74d8a8afcd Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53830 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/platform/x86/think-lmi.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/b9396d991abe8d1ac31a043274ab20b49f92c2e6 https://git.kernel.org/stable/c/9071525bfcb1f5674117dbed3eca0cd7b122813b https://git.kernel.org/stable/c/5f99014c19fa50a5719c0bb78143282632675893 https://git.kernel.org/stable/c/a3c4c053014585dcf20f4df954791b74d8a8afcd
Powered by blists - more mailing lists