5.5

CVE-2023-53225

spi: imx: Don't skip cleanup in remove's error path

In the Linux kernel, the following vulnerability has been resolved:

spi: imx: Don't skip cleanup in remove's error path

Returning early in a platform driver's remove callback is wrong. In this
case the dma resources are not released in the error path. this is never
retried later and so this is a permanent leak. To fix this, only skip
hardware disabling if waking the device fails.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.16.57 < 3.17
LinuxLinux Kernel Version >= 3.18.94 < 3.19
LinuxLinux Kernel Version >= 4.1.50 < 4.2
LinuxLinux Kernel Version >= 4.4.115 < 4.5
LinuxLinux Kernel Version >= 4.9.80 < 4.10
LinuxLinux Kernel Version >= 4.14.17 < 4.15
LinuxLinux Kernel Version >= 4.15.1 < 5.10.180
LinuxLinux Kernel Version >= 5.11 < 5.15.111
LinuxLinux Kernel Version >= 5.16 < 6.1.28
LinuxLinux Kernel Version >= 6.2 < 6.2.15
LinuxLinux Kernel Version >= 6.3 < 6.3.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.047
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/aa93a46f998a9069368026ac52bba96868c59157
Patch
https://git.kernel.org/stable/c/f90822ad63d11301e425311dac0c8e12ca1737b8
Patch
https://git.kernel.org/stable/c/6d16305a1535873e0a8a8ae92ea2d9106ec2d7df
Patch
https://git.kernel.org/stable/c/57a463226638f1ceabbb029cbd21b0c94640f1b5
Patch
https://git.kernel.org/stable/c/b64cb3f085fed296103c91f0db6acad30a021b36
Patch
https://git.kernel.org/stable/c/11951c9e3f364d7ae3b568a0e52c8335d43066b5
Patch