CVE-2023-52929
MEDIUM EPSS 13.2%
Published Mar 27, 20251y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Published Mar 27, 2025 1y ago
Last Modified Jun 17, 2026 1w ago
Description
In the Linux kernel, the following vulnerability has been resolved: nvmem: core: fix cleanup after dev_set_name() If dev_set_name() fails, we leak nvmem->wp_gpio as the cleanup does not put this. While a minimal fix for this would be to add the gpiod_put() call, we can do better if we split device_register(), and use the tested nvmem_release() cleanup code by initialising the device early, and putting the device. This results in a slightly larger fix, but results in clear code. Note: this patch depends on "nvmem: core: initialise nvmem->id early" and "nvmem: core: remove nvmem_config wp_gpio". [Srini: Fixed subject line and error code handing with wp_gpio while applying.]
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
13.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-459
Affected Products 7
References 4
- git.kernel.org https://git.kernel.org/stable/c/23676ecd2eb377f7c24a6ff578b0f4c7135658b6
- git.kernel.org https://git.kernel.org/stable/c/39708bc8da7858de0bed9b3a88b3beb1d1e0b443
- git.kernel.org https://git.kernel.org/stable/c/560181d3ace61825f4ca9dd3481d6c0ee6709fa8
- git.kernel.org https://git.kernel.org/stable/c/8f9c4b2a3b132bf6698e477aba6ee194b40c75f4
Remediation
- git.kernel.org https://git.kernel.org/stable/c/23676ecd2eb377f7c24a6ff578b0f4c7135658b6
- git.kernel.org https://git.kernel.org/stable/c/39708bc8da7858de0bed9b3a88b3beb1d1e0b443
- git.kernel.org https://git.kernel.org/stable/c/560181d3ace61825f4ca9dd3481d6c0ee6709fa8
- git.kernel.org https://git.kernel.org/stable/c/8f9c4b2a3b132bf6698e477aba6ee194b40c75f4