2355534 – (CVE-2023-52929) CVE-2023-52929 kernel: nvmem: core: fix cleanup after dev_set_name()

Bug 2355534 (CVE-2023-52929) - CVE-2023-52929 kernel: nvmem: core: fix cleanup after dev_set_name()

Summary: CVE-2023-52929 kernel: nvmem: core: fix cleanup after dev_set_name()

Keywords:
Status:	NEW
Alias:	CVE-2023-52929
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-03-27 17:05 UTC by OSIDB Bzimport
Modified:	2025-04-01 04:14 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-03-27 17:05:53 UTC

In the Linux kernel, the following vulnerability has been resolved:

nvmem: core: fix cleanup after dev_set_name()

If dev_set_name() fails, we leak nvmem->wp_gpio as the cleanup does not
put this. While a minimal fix for this would be to add the gpiod_put()
call, we can do better if we split device_register(), and use the
tested nvmem_release() cleanup code by initialising the device early,
and putting the device.

This results in a slightly larger fix, but results in clear code.

Note: this patch depends on "nvmem: core: initialise nvmem->id early"
and "nvmem: core: remove nvmem_config wp_gpio".

[Srini: Fixed subject line and error code handing with wp_gpio while applying.]

Comment 1 Robb Gatica 2025-03-27 18:52:02 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025032719-CVE-2023-52929-7900@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.