CVE-2023-54097
Unknown Unknown - Not Provided
Memory Leak in Linux Kernel stm32-pwr Regulator Driver

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: regulator: stm32-pwr: fix of_iomap leak Smatch reports: drivers/regulator/stm32-pwr.c:166 stm32_pwr_regulator_probe() warn: 'base' from of_iomap() not released on lines: 151,166. In stm32_pwr_regulator_probe(), base is not released when devm_kzalloc() fails to allocate memory or devm_regulator_register() fails to register a new regulator device, which may cause a leak. To fix this issue, replace of_iomap() with devm_platform_ioremap_resource(). devm_platform_ioremap_resource() is a specialized function for platform devices. It allows 'base' to be automatically released whether the probe function succeeds or fails. Besides, use IS_ERR(base) instead of !base as the return value of devm_platform_ioremap_resource() can either be a pointer to the remapped memory or an ERR_PTR() encoded error code if the operation fails.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-05-07
AI Q&A
2025-12-24
EPSS Evaluated
2026-05-05
NVD
CVE-2023-54097
EUVD
EUVD-2023-60348
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a memory leak in the Linux kernel's stm32-pwr regulator driver. Specifically, in the function stm32_pwr_regulator_probe(), the 'base' resource obtained via of_iomap() is not properly released if memory allocation (devm_kzalloc()) or regulator registration (devm_regulator_register()) fails. This can cause a resource leak. The fix replaces of_iomap() with devm_platform_ioremap_resource(), which automatically releases the resource regardless of success or failure, and changes error checking to use IS_ERR() for proper error handling.


How can this vulnerability impact me? :

This vulnerability can lead to a resource leak in the Linux kernel when the stm32-pwr regulator driver fails during initialization. Over time, such leaks may cause increased memory usage or resource exhaustion, potentially leading to degraded system performance or instability.


What immediate steps should I take to mitigate this vulnerability?

Update the Linux kernel to a version that includes the fix for the stm32-pwr regulator of_iomap leak vulnerability. The fix involves replacing of_iomap() with devm_platform_ioremap_resource() in the stm32_pwr_regulator_probe() function to ensure proper resource release. Applying the latest kernel patches or updates from your Linux distribution that address this issue is the recommended mitigation.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart