CVE-2023-52670Missing Release of Memory after Effective Lifetime in Linux

CWE-401Missing Release of Memory after Effective Lifetime24 documents9 sources
Severity
5.5MEDIUMNVD
OSV7.5
EPSS
0.0%
top 99.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
LinuxLinux KernelDebian Linux+2 more
Timeline
PublishedMay 17
Latest updateAug 14

Description

In the Linux kernel, the following vulnerability has been resolved: rpmsg: virtio: Free driver_override when rpmsg_remove() Free driver_override when rpmsg_remove(), otherwise the following memory leak will occur: unreferenced object 0xffff0000d55d7080 (size 128): comm "kworker/u8:2", pid 56, jiffies 4294893188 (age 214.272s) hex dump (first 32 bytes): 72 70 6d 73 67 5f 6e 73 00 00 00 00 00 00 00 00 rpmsg_ns........ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

NVDlinux/linux_kernel4.134.19.307+6
Debianlinux/linux_kernel< 5.10.216-1+3
CVEListV5linux/linuxb0b03b8119633de0649da9bd506e4850c401ff2b229ce47cbfdc7d3a9415eb676abbfb77d676cb08+8
debiandebian/linux< linux 6.1.76-1 (bookworm)

Also affects: Debian Linux 10.0

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

10
OSV
linux-oracle-6.5 vulnerabilities2024-06-26
OSV
linux-hwe-6.5 vulnerabilities2024-06-18
OSV
linux-nvidia-6.5 vulnerabilities2024-06-14
OSV
linux-oem-6.5 vulnerabilities2024-06-12
OSV
linux-aws, linux-oracle vulnerabilities2024-06-11

📋Vendor Advisories

12
CISA ICS
Siemens SINEC OS2025-08-14
Ubuntu
Linux kernel (Oracle) vulnerabilities2024-06-26
Ubuntu
Linux kernel (HWE) vulnerabilities2024-06-18
Ubuntu
Linux kernel (NVIDIA) vulnerabilities2024-06-14
Ubuntu
Linux kernel (OEM) vulnerabilities2024-06-12

💬Community

1
Bugzilla
CVE-2023-52670 kernel: rpmsg: virtio: Free driver_override when rpmsg_remove()2024-05-18