CVE-2023-53308
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-16
Last updated on: 2025-12-01
Assigner: kernel.org
Description
Description
In the Linux kernel, the following vulnerability has been resolved:
net: fec: Better handle pm_runtime_get() failing in .remove()
In the (unlikely) event that pm_runtime_get() (disguised as
pm_runtime_resume_and_get()) fails, the remove callback returned an
error early. The problem with this is that the driver core ignores the
error value and continues removing the device. This results in a
resource leak. Worse the devm allocated resources are freed and so if a
callback of the driver is called later the register mapping is already
gone which probably results in a crash.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 4.9.206 (inc) to 4.10 (exc) |
| linux | linux_kernel | From 4.14.158 (inc) to 4.14.316 (exc) |
| linux | linux_kernel | From 4.19.88 (inc) to 4.19.284 (exc) |
| linux | linux_kernel | From 5.3.15 (inc) to 5.4 (exc) |
| linux | linux_kernel | From 5.4.1 (inc) to 5.4.244 (exc) |
| linux | linux_kernel | From 5.5 (inc) to 5.10.181 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.113 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.30 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.3.4 (exc) |
| linux | linux_kernel | 5.4 |
| linux | linux_kernel | 6.4 |
| linux | linux_kernel | 6.4 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-415 | The product calls free() twice on the same memory address. |
