CVE-2023-52571

In the Linux kernel, the following vulnerability has been resolved: power: supply: rk817: Fix node refcount leak Dan Carpenter reports that the Smatch static checker warning has found that there is another refcount leak in the probe function. While of_node_put() was added in one of the return paths, it should in fact be added for ALL return paths that return an error and at driver removal time.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/488ef44c068e79752dba8eda0b75f524f111a695	Patch
https://git.kernel.org/stable/c/70326b46b6a043f7e7404b2ff678b033c06d6577	Patch
https://git.kernel.org/stable/c/fe6406238d5a24e9fb0286c71edd67b99d8db58d	Patch
https://git.kernel.org/stable/c/488ef44c068e79752dba8eda0b75f524f111a695	Patch
https://git.kernel.org/stable/c/70326b46b6a043f7e7404b2ff678b033c06d6577	Patch
https://git.kernel.org/stable/c/fe6406238d5a24e9fb0286c71edd67b99d8db58d	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.6:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.6:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.6:rc3::::::

History

08 Apr 2025, 15:05

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/488ef44c068e79752dba8eda0b75f524f111a695 -~~	() https://git.kernel.org/stable/c/488ef44c068e79752dba8eda0b75f524f111a695 - Patch
References	~~() https://git.kernel.org/stable/c/70326b46b6a043f7e7404b2ff678b033c06d6577 -~~	() https://git.kernel.org/stable/c/70326b46b6a043f7e7404b2ff678b033c06d6577 - Patch
References	~~() https://git.kernel.org/stable/c/fe6406238d5a24e9fb0286c71edd67b99d8db58d -~~	() https://git.kernel.org/stable/c/fe6406238d5a24e9fb0286c71edd67b99d8db58d - Patch
First Time		Linux linux Kernel Linux
CWE		CWE-401
CPE		cpe:2.3:o:linux:linux_kernel:6.6:rc3:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.6:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.6:rc2::::::

21 Nov 2024, 08:40

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/488ef44c068e79752dba8eda0b75f524f111a695 -~~	() https://git.kernel.org/stable/c/488ef44c068e79752dba8eda0b75f524f111a695 -
References	~~() https://git.kernel.org/stable/c/70326b46b6a043f7e7404b2ff678b033c06d6577 -~~	() https://git.kernel.org/stable/c/70326b46b6a043f7e7404b2ff678b033c06d6577 -
References	~~() https://git.kernel.org/stable/c/fe6406238d5a24e9fb0286c71edd67b99d8db58d -~~	() https://git.kernel.org/stable/c/fe6406238d5a24e9fb0286c71edd67b99d8db58d -

06 Nov 2024, 17:35

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: power: Supply: rk817: reparar la fuga de recuento de nodos Dan Carpenter informa que la advertencia del verificador estático Smatch encontró que hay otra fuga de recuento en la función de sonda. Si bien of_node_put() se agregó en una de las rutas de retorno, de hecho debería agregarse para TODAS las rutas de retorno que devuelven un error y en el momento de eliminar el controlador.
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.1

02 Mar 2024, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-02 22:15

Updated : 2025-04-08 15:05

NVD link : CVE-2023-52571

Mitre link : CVE-2023-52571

CVE.ORG link : CVE-2023-52571

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

{"id": "CVE-2023-52571", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2024-03-02T22:15:49.257", "references": [{"url": "https://git.kernel.org/stable/c/488ef44c068e79752dba8eda0b75f524f111a695", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/70326b46b6a043f7e7404b2ff678b033c06d6577", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/fe6406238d5a24e9fb0286c71edd67b99d8db58d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/488ef44c068e79752dba8eda0b75f524f111a695", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/70326b46b6a043f7e7404b2ff678b033c06d6577", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/fe6406238d5a24e9fb0286c71edd67b99d8db58d", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: rk817: Fix node refcount leak\n\nDan Carpenter reports that the Smatch static checker warning has found\nthat there is another refcount leak in the probe function. While\nof_node_put() was added in one of the return paths, it should in\nfact be added for ALL return paths that return an error and at driver\nremoval time."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: power: Supply: rk817: reparar la fuga de recuento de nodos Dan Carpenter informa que la advertencia del verificador est\u00e1tico Smatch encontr\u00f3 que hay otra fuga de recuento en la funci\u00f3n de sonda. Si bien of_node_put() se agreg\u00f3 en una de las rutas de retorno, de hecho deber\u00eda agregarse para TODAS las rutas de retorno que devuelven un error y en el momento de eliminar el controlador."}], "lastModified": "2025-04-08T15:05:00.363", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FD5E2EA-023D-48A2-AEE0-F565A6045D6E", "versionEndExcluding": "6.1.56", "versionStartIncluding": "6.1.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "870FC772-173A-4A0F-B1AF-7976AD6057D3", "versionEndExcluding": "6.5.6", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DC421F1-3D5A-4BEF-BF76-4E468985D20B"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}

7.1 /10