| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025123030-CVE-2023-54230-914e@gregkh>
Date: Tue, 30 Dec 2025 13:14:00 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2023-54230: amba: bus: fix refcount leak
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
amba: bus: fix refcount leak
commit 5de1540b7bc4 ("drivers/amba: create devices from device tree")
increases the refcount of of_node, but not releases it in
amba_device_release, so there is refcount leak. By using of_node_put
to avoid refcount leak.
The Linux kernel CVE team has assigned CVE-2023-54230 to this issue.
Affected and fixed versions
===========================
Issue introduced in 3.1 with commit 5de1540b7bc4c23470f86add1e517be41e7fefe2 and fixed in 4.14.326 with commit 94e398df32e850f26828690ee62f7441979583cc
Issue introduced in 3.1 with commit 5de1540b7bc4c23470f86add1e517be41e7fefe2 and fixed in 4.19.295 with commit 9062ce0ccbd82fbe81cc839a512c0ad90847e01c
Issue introduced in 3.1 with commit 5de1540b7bc4c23470f86add1e517be41e7fefe2 and fixed in 5.4.257 with commit 03db4fe7917bb160eeccf3968835475fa32b7e10
Issue introduced in 3.1 with commit 5de1540b7bc4c23470f86add1e517be41e7fefe2 and fixed in 5.10.195 with commit 9baf2278b3eed2c50112169121257d8a6ee0606c
Issue introduced in 3.1 with commit 5de1540b7bc4c23470f86add1e517be41e7fefe2 and fixed in 5.15.132 with commit 4f1807fddd9bf175ee5e14fffc6b6106e4b297ef
Issue introduced in 3.1 with commit 5de1540b7bc4c23470f86add1e517be41e7fefe2 and fixed in 6.1.53 with commit 81ff633a88be2482c163d3acd2801d501261ce6a
Issue introduced in 3.1 with commit 5de1540b7bc4c23470f86add1e517be41e7fefe2 and fixed in 6.4.16 with commit 206fadb7278ceac7593dd0b945a77b9df856a674
Issue introduced in 3.1 with commit 5de1540b7bc4c23470f86add1e517be41e7fefe2 and fixed in 6.5.3 with commit 8b60a706166de5de82314494704c2419e7657bf8
Issue introduced in 3.1 with commit 5de1540b7bc4c23470f86add1e517be41e7fefe2 and fixed in 6.6 with commit e312cbdc11305568554a9e18a2ea5c2492c183f3
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2023-54230
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/amba/bus.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/94e398df32e850f26828690ee62f7441979583cc
https://git.kernel.org/stable/c/9062ce0ccbd82fbe81cc839a512c0ad90847e01c
https://git.kernel.org/stable/c/03db4fe7917bb160eeccf3968835475fa32b7e10
https://git.kernel.org/stable/c/9baf2278b3eed2c50112169121257d8a6ee0606c
https://git.kernel.org/stable/c/4f1807fddd9bf175ee5e14fffc6b6106e4b297ef
https://git.kernel.org/stable/c/81ff633a88be2482c163d3acd2801d501261ce6a
https://git.kernel.org/stable/c/206fadb7278ceac7593dd0b945a77b9df856a674
https://git.kernel.org/stable/c/8b60a706166de5de82314494704c2419e7657bf8
https://git.kernel.org/stable/c/e312cbdc11305568554a9e18a2ea5c2492c183f3
Powered by blists - more mailing lists