CVE-2023-52670
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
17/05/2024
Last modified:
23/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
rpmsg: virtio: Free driver_override when rpmsg_remove()<br />
<br />
Free driver_override when rpmsg_remove(), otherwise<br />
the following memory leak will occur:<br />
<br />
unreferenced object 0xffff0000d55d7080 (size 128):<br />
comm "kworker/u8:2", pid 56, jiffies 4294893188 (age 214.272s)<br />
hex dump (first 32 bytes):<br />
72 70 6d 73 67 5f 6e 73 00 00 00 00 00 00 00 00 rpmsg_ns........<br />
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................<br />
backtrace:<br />
[] __kmem_cache_alloc_node+0x1f8/0x320<br />
[] __kmalloc_node_track_caller+0x44/0x70<br />
[] kstrndup+0x4c/0x90<br />
[] driver_set_override+0xd0/0x164<br />
[] rpmsg_register_device_override+0x98/0x170<br />
[] rpmsg_ns_register_device+0x24/0x30<br />
[] rpmsg_probe+0x2e0/0x3ec<br />
[] virtio_dev_probe+0x1c0/0x280<br />
[] really_probe+0xbc/0x2dc<br />
[] __driver_probe_device+0x78/0xe0<br />
[] driver_probe_device+0xd8/0x160<br />
[] __device_attach_driver+0xb8/0x140<br />
[] bus_for_each_drv+0x7c/0xd4<br />
[] __device_attach+0x9c/0x19c<br />
[] device_initial_probe+0x14/0x20<br />
[] bus_probe_device+0xa0/0xac
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.13 (including) | 4.19.307 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.269 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.210 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.149 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.76 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.15 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.7.3 (excluding) |
| cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/229ce47cbfdc7d3a9415eb676abbfb77d676cb08
- https://git.kernel.org/stable/c/2d27a7b19cb354c6d04bcdc9239e261ff29858d6
- https://git.kernel.org/stable/c/4e6cef3fae5c164968118a13f3fe293700adc81a
- https://git.kernel.org/stable/c/69ca89d80f2c8a1f5af429b955637beea7eead30
- https://git.kernel.org/stable/c/9a416d624e5fb7246ea97c11fbfea7e0e27abf43
- https://git.kernel.org/stable/c/d5362c37e1f8a40096452fc201c30e705750e687
- https://git.kernel.org/stable/c/dd50fe18c234bd5ff22f658f4d414e8fa8cd6a5d
- https://git.kernel.org/stable/c/f4bb1d5daf77b1a95a43277268adf0d1430c2346
- https://git.kernel.org/stable/c/229ce47cbfdc7d3a9415eb676abbfb77d676cb08
- https://git.kernel.org/stable/c/2d27a7b19cb354c6d04bcdc9239e261ff29858d6
- https://git.kernel.org/stable/c/4e6cef3fae5c164968118a13f3fe293700adc81a
- https://git.kernel.org/stable/c/69ca89d80f2c8a1f5af429b955637beea7eead30
- https://git.kernel.org/stable/c/9a416d624e5fb7246ea97c11fbfea7e0e27abf43
- https://git.kernel.org/stable/c/d5362c37e1f8a40096452fc201c30e705750e687
- https://git.kernel.org/stable/c/dd50fe18c234bd5ff22f658f4d414e8fa8cd6a5d
- https://git.kernel.org/stable/c/f4bb1d5daf77b1a95a43277268adf0d1430c2346
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html