CVE-2023-54097Missing Release of Resource after Effective Lifetime in Linux

CWE-772Missing Release of Resource after Effective Lifetime7 documents6 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 89.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: regulator: stm32-pwr: fix of_iomap leak Smatch reports: drivers/regulator/stm32-pwr.c:166 stm32_pwr_regulator_probe() warn: 'base' from of_iomap() not released on lines: 151,166. In stm32_pwr_regulator_probe(), base is not released when devm_kzalloc() fails to allocate memory or devm_regulator_register() fails to register a new regulator device, which may cause a leak. To fix this issue, replace of_iomap() with devm_platform

Affected Packages4 packages

Linuxlinux/linux_kernel5.2.05.4.243+5
Debianlinux/linux_kernel< 5.10.191-1+3
CVEListV5linux/linuxdc62f951a6a8490bcccc7b6de36cd85bd57be740824683dbec234a01bd49a0589ee3323594a6f4cf+7
debiandebian/linux< linux 6.1.37-1 (bookworm)

🔴Vulnerability Details

3
OSV
regulator: stm32-pwr: fix of_iomap leak2025-12-24
GHSA
GHSA-qhvp-r58q-c426: In the Linux kernel, the following vulnerability has been resolved: regulator: stm32-pwr: fix of_iomap leak Smatch reports: drivers/regulator/stm32-2025-12-24
OSV
CVE-2023-54097: In the Linux kernel, the following vulnerability has been resolved: regulator: stm32-pwr: fix of_iomap leak Smatch reports: drivers/regulator/stm32-pw2025-12-24

📋Vendor Advisories

2
Red Hat
kernel: Linux kernel: Memory leak in stm32-pwr regulator driver can lead to denial of service2025-12-24
Debian
CVE-2023-54097: linux - In the Linux kernel, the following vulnerability has been resolved: regulator: ...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54097 Impact, Exploitability, and Mitigation Steps | Wiz