CVE-2023-52929

MEDIUM

Linux Kernel 6.1 - Incomplete Cleanup in nvmem Core Device Registration

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: nvmem: core: fix cleanup after dev_set_name() If dev_set_name() fails, we leak nvmem->wp_gpio as the cleanup does not put this. While a minimal fix for this would be to add the gpiod_put() call, we can do better if we split device_register(), and use the tested nvmem_release() cleanup code by initialising the device early, and putting the device. This results in a slightly larger fix, but results in clear code. Note: this patch depends on "nvmem: core: initialise nvmem->id early" and "nvmem: core: remove nvmem_config wp_gpio". [Srini: Fixed subject line and error code handing with wp_gpio while applying.]

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/23676ecd2eb377f7c24a6ff578b0f4c7135658b6

Patch

https://git.kernel.org/stable/c/8f9c4b2a3b132bf6698e477aba6ee194b40c75f4

Patch

https://git.kernel.org/stable/c/39708bc8da7858de0bed9b3a88b3beb1d1e0b443

Patch

https://git.kernel.org/stable/c/560181d3ace61825f4ca9dd3481d6c0ee6709fa8

Scores

CVSS v3 5.5

EPSS 0.0020

EPSS Percentile 9.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-459

Status published

Products (10)

Linux/Linux < 6.1

Linux/Linux 14eea6449473c1f55e196cc104ba16d144465869 - 8f9c4b2a3b132bf6698e477aba6ee194b40c75f4

Linux/Linux 5544e90c81261e82e02bbf7c6015a4b9c8c825ef - 39708bc8da7858de0bed9b3a88b3beb1d1e0b443

Linux/Linux 5544e90c81261e82e02bbf7c6015a4b9c8c825ef - 560181d3ace61825f4ca9dd3481d6c0ee6709fa8

Linux/Linux 6.1

Linux/Linux 6.1.11 - 6.1.*

Linux/Linux 6.2

Linux/Linux a19a0f67dbb89ad2bfc466f2003841acba645884 - 23676ecd2eb377f7c24a6ff578b0f4c7135658b6

linux/linux_kernel 6.2 rc1 (6 CPE variants)

linux/linux_kernel 6.1 - 6.1.11

Published Mar 27, 2025

Tracked Since Feb 18, 2026