CVE-2023-53234

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> watchdog: Fix kmemleak in watchdog_cdev_register<br /> <br /> kmemleak reports memory leaks in watchdog_dev_register, as follows:<br /> unreferenced object 0xffff888116233000 (size 2048):<br /> comm ""modprobe"", pid 28147, jiffies 4353426116 (age 61.741s)<br /> hex dump (first 32 bytes):<br /> 80 fa b9 05 81 88 ff ff 08 30 23 16 81 88 ff ff .........0#.....<br /> 08 30 23 16 81 88 ff ff 00 00 00 00 00 00 00 00 .0#.............<br /> backtrace:<br /> [] __kmem_cache_alloc_node+0x157/0x220<br /> [] kmalloc_trace+0x21/0x110<br /> [] watchdog_dev_register+0x4e/0x780 [watchdog]<br /> [] __watchdog_register_device+0x4f0/0x680 [watchdog]<br /> [] watchdog_register_device+0xd2/0x110 [watchdog]<br /> [] 0xffffffffc10880ae<br /> [] do_one_initcall+0xcb/0x4d0<br /> [] do_init_module+0x1ca/0x5f0<br /> [] load_module+0x6133/0x70f0<br /> ...<br /> <br /> unreferenced object 0xffff888105b9fa80 (size 16):<br /> comm ""modprobe"", pid 28147, jiffies 4353426116 (age 61.741s)<br /> hex dump (first 16 bytes):<br /> 77 61 74 63 68 64 6f 67 31 00 b9 05 81 88 ff ff watchdog1.......<br /> backtrace:<br /> [] __kmem_cache_alloc_node+0x157/0x220<br /> [] __kmalloc_node_track_caller+0x44/0x1b0<br /> [] kvasprintf+0xb5/0x140<br /> [] kvasprintf_const+0x55/0x180<br /> [] kobject_set_name_vargs+0x56/0x150<br /> [] dev_set_name+0xab/0xe0<br /> [] watchdog_dev_register+0x285/0x780 [watchdog]<br /> [] __watchdog_register_device+0x4f0/0x680 [watchdog]<br /> [] watchdog_register_device+0xd2/0x110 [watchdog]<br /> [] 0xffffffffc10880ae<br /> [] do_one_initcall+0xcb/0x4d0<br /> [] do_init_module+0x1ca/0x5f0<br /> [] load_module+0x6133/0x70f0<br /> ...<br /> <br /> The reason is that put_device is not be called if cdev_device_add fails<br /> and wdd-&gt;id != 0.<br /> <br /> watchdog_cdev_register<br /> wd_data = kzalloc [1]<br /> err = dev_set_name [2]<br /> ..<br /> err = cdev_device_add<br /> if (err) {<br /> if (wdd-&gt;id == 0) { // wdd-&gt;id != 0<br /> ..<br /> }<br /> return err; // [1],[2] would be leaked<br /> <br /> To fix it, call put_device in all wdd-&gt;id cases.