
CVE-2023-53596

In the Linux kernel, the following vulnerability has been resolved:

drivers: base: Free devm resources when unregistering a device

In the current code, devres_release_all() only gets called if the device
has a bus and has been probed.

This leads to issues when using bus-less or driver-less devices where
the device might never get freed if a managed resource holds a reference
to the device. This is happening in the DRM framework for example.

We should thus call devres_release_all() in the device_del() function to
make sure that the device-managed actions are properly executed when the
device is unregistered, even if it has neither a bus nor a driver.

This is effectively the same change as commit 2f8d16a996da ("devres:
release resources on device_del()") that got reverted by commit
a525a3ddeaca ("driver core: free devres in device_release") over
memory leak concerns.

This patch effectively combines the two commits mentioned above to
release the resources both on device_del() and device_release() and get
the best of both worlds.

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor Linux
Product Linux
Default Status unaffected
Version < 297992e5c63528e603666e36081836204fc36ec9
Version a525a3ddeaca69f405d98442ab3c0746e53168dc
Status affected
Version < 3bcc4c2a096e8342c8c719e595ce15de212694dd
Version a525a3ddeaca69f405d98442ab3c0746e53168dc
Status affected
Version < c8c426fae26086a0ca8ab6cc6da2de79810ec038
Version a525a3ddeaca69f405d98442ab3c0746e53168dc
Status affected
Version < 699fb50d99039a50e7494de644f96c889279aca3
Version a525a3ddeaca69f405d98442ab3c0746e53168dc
Status affected
Vendor Linux
Product Linux
Default Status affected
Version 3.7
Status affected
Version < 3.7
Version 0
Status unaffected
Version <= 6.1.*
Version 6.1.53
Status unaffected
Version <= 6.4.*
Version 6.4.16
Status unaffected
Version <= 6.5.*
Version 6.5.3
Status unaffected
Version <= *
Version 6.6
Status unaffected
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.02% 0.031
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector string