7.8
CVE-2023-53596
- EPSS 0.14%
- Veröffentlicht 04.10.2025 15:44:08
- Zuletzt bearbeitet 01.06.2026 17:16:25
- CVE-Watchlists
- Unerledigt
drivers: base: Free devm resources when unregistering a device
In the Linux kernel, the following vulnerability has been resolved:
drivers: base: Free devm resources when unregistering a device
In the current code, devres_release_all() only gets called if the device
has a bus and has been probed.
This leads to issues when using bus-less or driver-less devices where
the device might never get freed if a managed resource holds a reference
to the device. This is happening in the DRM framework for example.
We should thus call devres_release_all() in the device_del() function to
make sure that the device-managed actions are properly executed when the
device is unregistered, even if it has neither a bus nor a driver.
This is effectively the same change than commit 2f8d16a996da ("devres:
release resources on device_del()") that got reverted by commit
a525a3ddeaca ("driver core: free devres in device_release") over
memory leaks concerns.
This patch effectively combines the two commits mentioned above to
release the resources both on device_del() and device_release() and get
the best of both worlds.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 3.7 < 6.1.53
Linux ≫ Linux Kernel Version >= 6.2 < 6.4.16
Linux ≫ Linux Kernel Version >= 6.5 < 6.5.3
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.041 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-415 Double Free
The product calls free() twice on the same memory address.
https://git.kernel.org/stable/c/297992e5c63528e603666e36081836204fc36ec9
https://git.kernel.org/stable/c/3bcc4c2a096e8342c8c719e595ce15de212694dd
https://git.kernel.org/stable/c/c8c426fae26086a0ca8ab6cc6da2de79810ec038
https://git.kernel.org/stable/c/699fb50d99039a50e7494de644f96c889279aca3
https://git.kernel.org/stable/c/83e2ec36a92432e9445e853c12becbbae353b511
https://git.kernel.org/stable/c/b9ef4b0aa91d2f9f5951faafdbbd47cf01799ec3