CVE-2023-52929
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/03/2025
Last modified:
28/10/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
nvmem: core: fix cleanup after dev_set_name()<br />
<br />
If dev_set_name() fails, we leak nvmem->wp_gpio as the cleanup does not<br />
put this. While a minimal fix for this would be to add the gpiod_put()<br />
call, we can do better if we split device_register(), and use the<br />
tested nvmem_release() cleanup code by initialising the device early,<br />
and putting the device.<br />
<br />
This results in a slightly larger fix, but results in clear code.<br />
<br />
Note: this patch depends on "nvmem: core: initialise nvmem->id early"<br />
and "nvmem: core: remove nvmem_config wp_gpio".<br />
<br />
[Srini: Fixed subject line and error code handing with wp_gpio while applying.]
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.1 (including) | 6.1.11 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.2:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.2:rc5:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.2:rc6:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page