5.5

CVE-2023-53567

spi: qup: Don't skip cleanup in remove's error path

In the Linux kernel, the following vulnerability has been resolved:

spi: qup: Don't skip cleanup in remove's error path

Returning early in a platform driver's remove callback is wrong. In this
case the dma resources are not released in the error path. this is never
retried later and so this is a permanent leak. To fix this, only skip
hardware disabling if waking the device fails.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.15 < 4.19.283
LinuxLinux Kernel Version >= 4.20 < 5.4.243
LinuxLinux Kernel Version >= 5.5 < 5.10.180
LinuxLinux Kernel Version >= 5.11 < 5.15.111
LinuxLinux Kernel Version >= 5.16 < 6.1.28
LinuxLinux Kernel Version >= 6.2 < 6.2.15
LinuxLinux Kernel Version >= 6.3 < 6.3.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.14% 0.034
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/fd53f41bd86daa39b454fd4637a908ff2123547f
Patch
https://git.kernel.org/stable/c/8632384337038b97910c2f7bb5a3f377aa68d001
Patch
https://git.kernel.org/stable/c/bc88243bbe6140d289bb32b4ee4607ba5ce1124a
Patch
https://git.kernel.org/stable/c/f345d4d71e87d878437417ffbb9a7d4e16d235eb
Patch
https://git.kernel.org/stable/c/2d0f63077f481f11a07f20eab1c1f4367dfaef32
Patch
https://git.kernel.org/stable/c/55ecdcd12bc176b86fecbcb125ac814ac8fe857a
Patch
https://git.kernel.org/stable/c/49c17fccae36505550c9121891722fff337f148a
Patch
https://git.kernel.org/stable/c/61f49171a43ab1f80c73c5c88c508770c461e0f2
Patch