CVE-2023-53514

01.10.2025, 12:15

In the Linux kernel, the following vulnerability has been resolved:

gpu: host1x: Fix memory leak of device names

The device names allocated by dev_set_name() need be freed
before module unloading, but they can not be freed because
the kobject's refcount which was set in device_initialize()
has not be decreased to 0.

As comment of device_add() says, if it fails, use only
put_device() drop the refcount, then the name will be
freed in kobejct_cleanup().

device_del() and put_device() can be replaced with
device_unregister(), so call it to unregister the added
successfully devices, and just call put_device() to the
not added device.

Add a release() function to device to avoid null release()
function WARNING in device_release(), it's empty, because
the context devices are freed together in
host1x_memory_context_list_free().

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 3%

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 not-affected
bullseye (security)	5.10.237-1 fixed
bookworm	6.1.148-1 fixed
bookworm (security)	6.1.153-1 fixed
trixie	6.12.43-1 fixed
trixie (security)	6.12.48-1 fixed
forky	6.16.8-1 fixed
sid	6.16.9-1 fixed

References

https://git.kernel.org/stable/c/3ab0f5ddb761270b11d8c90b8550a59666cfc9bb

https://git.kernel.org/stable/c/55879dad0f3ae8468444b42f785ad79eac05fe5b

https://git.kernel.org/stable/c/958c6cbc32996c375af42db96ceba021a1959899

https://git.kernel.org/stable/c/dba1aeaaf3d0e2f996cb0a5609e5e85ecf405a5c