Vulnerability DatabaseCVE-2023-52670
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2023-52670
May 17, 2024
In the Linux kernel, the following vulnerability has been resolved: rpmsg: virtio: Free driver_override when rpmsg_remove() Free driver_override when rpmsg_remove(), otherwise the following memory leak will occur: unreferenced object 0xffff0000d55d7080 (size 128): comm "kworker/u8:2", pid 56, jiffies 4294893188 (age 214.272s) hex dump (first 32 bytes): 72 70 6d 73 67 5f 6e 73 00 00 00 00 00 00 00 00 rpmsg_ns........ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<000000009c94c9c1>] __kmem_cache_alloc_node+0x1f8/0x320 [<000000002300d89b>] __kmalloc_node_track_caller+0x44/0x70 [<00000000228a60c3>] kstrndup+0x4c/0x90 [<0000000077158695>] driver_set_override+0xd0/0x164 [<000000003e9c4ea5>] rpmsg_register_device_override+0x98/0x170 [<000000001c0c89a8>] rpmsg_ns_register_device+0x24/0x30 [<000000008bbf8fa2>] rpmsg_probe+0x2e0/0x3ec [<00000000e65a68df>] virtio_dev_probe+0x1c0/0x280 [<00000000443331cc>] really_probe+0xbc/0x2dc [<00000000391064b1>] __driver_probe_device+0x78/0xe0 [<00000000a41c9a5b>] driver_probe_device+0xd8/0x160 [<000000009c3bd5df>] __device_attach_driver+0xb8/0x140 [<0000000043cd7614>] bus_for_each_drv+0x7c/0xd4 [<000000003b929a36>] __device_attach+0x9c/0x19c [<00000000a94e0ba8>] device_initial_probe+0x14/0x20 [<000000003c999637>] bus_probe_device+0xa0/0xac
Related ResourcesĀ (13)
https://git.kernel.org/stable/c/dd50fe18c234bd5ff22f658f4d414e8fa8cd6a5d
https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52670.json
https://git.kernel.org/stable/c/d5362c37e1f8a40096452fc201c30e705750e687
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
https://git.kernel.org/stable/c/229ce47cbfdc7d3a9415eb676abbfb77d676cb08
https://git.kernel.org/stable/c/2d27a7b19cb354c6d04bcdc9239e261ff29858d6
https://git.kernel.org/stable/c/4e6cef3fae5c164968118a13f3fe293700adc81a
https://git.kernel.org/stable/c/9a416d624e5fb7246ea97c11fbfea7e0e27abf43
https://git.kernel.org/stable/c/f4bb1d5daf77b1a95a43277268adf0d1430c2346
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://nvd.nist.gov/vuln/detail/CVE-2023-52670
https://git.kernel.org/stable/c/69ca89d80f2c8a1f5af429b955637beea7eead30
Do you need more information?
Contact Us
CVSS v4
Base Score:
7
Attack Vector
PHYSICAL
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
PASSIVE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
6.6
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Missing Release of Memory after Effective Lifetime
CWE-401
EPSS
Base Score:
0.03