CVE-2023-53266

EUVD-2023-59923
In the Linux kernel, the following vulnerability has been resolved:

arm64: acpi: Fix possible memory leak of ffh_ctxt

Allocated 'ffh_ctxt' memory leak is possible if the SMCCC version
and conduit checks fail and -EOPNOTSUPP is returned without freeing the
allocated memory.

Fix the same by moving the allocation after the SMCCC version and
conduit checks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA-ADPADP
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
6.2 ≤
𝑥
< 6.2.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.148-1
not-affected
bookworm (security)
6.1.147-1
fixed
bullseye
5.10.223-1
not-affected
bullseye (security)
5.10.237-1
fixed
forky
6.16.3-1
fixed
sid
6.16.7-1
fixed
trixie
6.12.43-1
fixed
trixie (security)
6.12.41-1
fixed
Common Weakness Enumeration
References
https://git.kernel.org/stable/c/1b561d3949f8478c5403c9752b5533211a757226
https://git.kernel.org/stable/c/7521da2eb42d65f89f511b7912d3757cf3d9168a