CVE-2023-54221
Unknown Unknown - Not Provided
Memory Leak in Linux Kernel imx93 Clock Driver Fixed

Publication date: 2025-12-30

Last updated on: 2025-12-30

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: clk: imx93: fix memory leak and missing unwind goto in imx93_clocks_probe In function probe(), it returns directly without unregistered hws when error occurs. Fix this by adding 'goto unregister_hws;' on line 295 and line 310. Use devm_kzalloc() instead of kzalloc() to automatically free the memory using devm_kfree() when error occurs. Replace of_iomap() with devm_of_iomap() to automatically handle the unused ioremap region and delete 'iounmap(anatop_base);' in unregister_hws.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-30
Last Modified
2025-12-30
Generated
2026-06-16
AI Q&A
2025-12-30
EPSS Evaluated
2026-06-15
NVD
CVE-2023-54221
EUVD
EUVD-2023-60420
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel's imx93 clock driver involves a memory leak and missing cleanup steps when an error occurs during the probe() function. Specifically, the function returns early without unregistering hardware components, leading to resource leaks. The fix involves adding proper goto statements to ensure cleanup, using devm_kzalloc() instead of kzalloc() to automate memory freeing, and replacing of_iomap() with devm_of_iomap() to handle memory mapping cleanup automatically.

Impact Analysis

The vulnerability can cause memory leaks and improper resource management in the Linux kernel, potentially leading to system instability or degraded performance due to unreleased hardware resources and memory. This could affect system reliability, especially in embedded or resource-constrained environments using the imx93 clock driver.

Mitigation Strategies

To mitigate this vulnerability, update your Linux kernel to a version that includes the fix for the imx93 clocks probe memory leak and missing unwind goto issue. This involves applying the patch that adds 'goto unregister_hws;' in the probe() function and replaces kzalloc() with devm_kzalloc(), as well as replacing of_iomap() with devm_of_iomap().

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-54221. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart