-

CVE-2023-54115

In the Linux kernel, the following vulnerability has been resolved:

pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db()

When nonstatic_release_resource_db() frees all resources associated
with an PCMCIA socket, it forgets to free socket_data too, causing
a memory leak observable with kmemleak:

unreferenced object 0xc28d1000 (size 64):
  comm "systemd-udevd", pid 297, jiffies 4294898478 (age 194.484s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 f0 85 0e c3 00 00 00 00  ................
    00 00 00 00 0c 10 8d c2 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffda4245>] __kmem_cache_alloc_node+0x2d7/0x4a0
    [<7e51f0c8>] kmalloc_trace+0x31/0xa4
    [<d52b4ca0>] nonstatic_init+0x24/0x1a4 [pcmcia_rsrc]
    [<a2f13e08>] pcmcia_register_socket+0x200/0x35c [pcmcia_core]
    [<a728be1b>] yenta_probe+0x4d8/0xa70 [yenta_socket]
    [<c48fac39>] pci_device_probe+0x99/0x194
    [<84b7c690>] really_probe+0x181/0x45c
    [<8060fe6e>] __driver_probe_device+0x75/0x1f4
    [<b9b76f43>] driver_probe_device+0x28/0xac
    [<648b766f>] __driver_attach+0xeb/0x1e4
    [<6e9659eb>] bus_for_each_dev+0x61/0xb4
    [<25a669f3>] driver_attach+0x1e/0x28
    [<d8671d6b>] bus_add_driver+0x102/0x20c
    [<df0d323c>] driver_register+0x5b/0x120
    [<942cd8a4>] __pci_register_driver+0x44/0x4c
    [<e536027e>] __UNIQUE_ID___addressable_cleanup_module188+0x1c/0xfffff000 [iTCO_vendor_support]

Fix this by freeing socket_data too.

Tested on a Acer Travelmate 4002WLMi by manually binding/unbinding
the yenta_cardbus driver (yenta_socket).
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < bde0b6da7bd893c37afaee3555cc3ac3be582313
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
Version < 2d45e2be0be35a3d66863563ed2591ee18a6897e
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
Version < 22100df1d57f04cf2370d5347b9ef547f481deea
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
Version < 04bb8af40a7729c398ed4caea7e66cedd2881719
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
Version < 97fd1c8e9c5aa833aab7e836760bc13103afa892
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
Version < e8a80cf06b4bb0396212289d651b384c949f09d0
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
Version < fd53a1f28faba2c4806c055e706a7721006291c1
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
Version < c85fd9422fe0f5d667305efb27f56d09eab120b0
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 2.6.12
Status affected
Version < 2.6.12
Version 0
Status unaffected
Version <= 4.14.*
Version 4.14.324
Status unaffected
Version <= 4.19.*
Version 4.19.293
Status unaffected
Version <= 5.4.*
Version 5.4.255
Status unaffected
Version <= 5.10.*
Version 5.10.192
Status unaffected
Version <= 5.15.*
Version 5.15.128
Status unaffected
Version <= 6.1.*
Version 6.1.47
Status unaffected
Version <= 6.4.*
Version 6.4.12
Status unaffected
Version <= *
Version 6.5
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.04% 0.1
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.