Bug 2425132 (CVE-2023-54097) - CVE-2023-54097 kernel: Linux kernel: Memory leak in stm32-pwr regulator driver can lead to denial of service
Summary: CVE-2023-54097 kernel: Linux kernel: Memory leak in stm32-pwr regulator drive...
Keywords:
Status: NEW
Alias: CVE-2023-54097
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-12-24 14:05 UTC by OSIDB Bzimport
Modified: 2026-03-03 20:55 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-12-24 14:05:18 UTC 
In the Linux kernel, the following vulnerability has been resolved:

regulator: stm32-pwr: fix of_iomap leak

Smatch reports:
drivers/regulator/stm32-pwr.c:166 stm32_pwr_regulator_probe() warn:
'base' from of_iomap() not released on lines: 151,166.

In stm32_pwr_regulator_probe(), base is not released
when devm_kzalloc() fails to allocate memory or
devm_regulator_register() fails to register a new regulator device,
which may cause a leak.

To fix this issue, replace of_iomap() with
devm_platform_ioremap_resource(). devm_platform_ioremap_resource()
is a specialized function for platform devices.
It allows 'base' to be automatically released whether the probe
function succeeds or fails.

Besides, use IS_ERR(base) instead of !base
as the return value of devm_platform_ioremap_resource()
can either be a pointer to the remapped memory or
an ERR_PTR() encoded error code if the operation fails.
Comment 1 Alexander B 2025-12-25 00:06:00 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025122409-CVE-2023-54097-3fb1@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.