CVE-2023-54175
Runtime PM Reference Leak in Linux Kernel i2c xiic_xfer() Function
Publication date: 2025-12-30
Last updated on: 2025-12-30
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a runtime power management (PM) reference leak in the Linux kernel's i2c xiic driver. Specifically, the xiic_xfer() function acquires a runtime PM reference when it starts and is supposed to release it when it finishes. However, there is an error path in the function where it exits early without releasing this reference, causing a leak. The fix ensures that the runtime PM reference is properly released even on error paths.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch or update to the Linux kernel version that includes the fix for the xiic_xfer() runtime PM leak in the i2c xiic driver. This ensures that the runtime PM reference is properly released on all error paths, preventing the resource leak.
How can this vulnerability impact me? :
The impact of this vulnerability is a resource leak related to runtime power management references. This could potentially lead to increased power consumption or improper power state management in devices using the affected driver, possibly affecting system stability or battery life. However, no direct security impact or exploitation details are provided.