| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025120939-CVE-2023-53779-dd3d@gregkh> Date: Tue, 9 Dec 2025 09:02:00 +0900 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53779: mfd: dln2: Fix memory leak in dln2_probe() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: mfd: dln2: Fix memory leak in dln2_probe() When dln2_setup_rx_urbs() in dln2_probe() fails, error out_free forgets to call usb_put_dev() to decrease the refcount of dln2->usb_dev. Fix this by adding usb_put_dev() in the error handling code of dln2_probe(). The Linux kernel CVE team has assigned CVE-2023-53779 to this issue. Affected and fixed versions =========================== Fixed in 4.14.316 with commit aa5a8673d71124e7dcdd497ec2accebc15bd6ca3 Fixed in 4.19.284 with commit 71fa6f134d13822a5dd906327de04aad8e903e49 Fixed in 5.4.244 with commit 1e453cb55014367a84655203c31d57dfa87e005e Fixed in 5.10.181 with commit 6a1a72a8cfdad6911a7167405b63545ad781fbe2 Fixed in 5.15.113 with commit 1fa3fb4f70184254af437ccd59fd1c091a90d518 Fixed in 6.1.30 with commit 77f43c014a770c4dcbdeed7cda6884c29382eb0f Fixed in 6.3.4 with commit fa045c911f0bfc0305c71618ab5630153faf86a4 Fixed in 6.4 with commit 96da8f148396329ba769246cb8ceaa35f1ddfc48 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53779 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/mfd/dln2.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/aa5a8673d71124e7dcdd497ec2accebc15bd6ca3 https://git.kernel.org/stable/c/71fa6f134d13822a5dd906327de04aad8e903e49 https://git.kernel.org/stable/c/1e453cb55014367a84655203c31d57dfa87e005e https://git.kernel.org/stable/c/6a1a72a8cfdad6911a7167405b63545ad781fbe2 https://git.kernel.org/stable/c/1fa3fb4f70184254af437ccd59fd1c091a90d518 https://git.kernel.org/stable/c/77f43c014a770c4dcbdeed7cda6884c29382eb0f https://git.kernel.org/stable/c/fa045c911f0bfc0305c71618ab5630153faf86a4 https://git.kernel.org/stable/c/96da8f148396329ba769246cb8ceaa35f1ddfc48
Powered by blists - more mailing lists