CVE-2023-52929
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-52929
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52929.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-52929
- Downstream
- Published
- 2025-03-27T17:15:42Z
- Modified
- 2025-08-09T20:01:27Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
nvmem: core: fix cleanup after devsetname()
If devsetname() fails, we leak nvmem->wpgpio as the cleanup does not put this. While a minimal fix for this would be to add the gpiodput() call, we can do better if we split deviceregister(), and use the tested nvmemrelease() cleanup code by initialising the device early, and putting the device.
This results in a slightly larger fix, but results in clear code.
Note: this patch depends on "nvmem: core: initialise nvmem->id early" and "nvmem: core: remove nvmemconfig wpgpio".
[Srini: Fixed subject line and error code handing with wp_gpio while applying.]
- References