CVE-2023-54221
Memory Leak in Linux Kernel imx93 Clock Driver Fixed
Publication date: 2025-12-30
Last updated on: 2025-12-30
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's imx93 clock driver involves a memory leak and missing cleanup steps when an error occurs during the probe() function. Specifically, the function returns early without unregistering hardware components, leading to resource leaks. The fix involves adding proper goto statements to ensure cleanup, using devm_kzalloc() instead of kzalloc() to automate memory freeing, and replacing of_iomap() with devm_of_iomap() to handle memory mapping cleanup automatically.
How can this vulnerability impact me? :
The vulnerability can cause memory leaks and improper resource management in the Linux kernel, potentially leading to system instability or degraded performance due to unreleased hardware resources and memory. This could affect system reliability, especially in embedded or resource-constrained environments using the imx93 clock driver.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update your Linux kernel to a version that includes the fix for the imx93 clocks probe memory leak and missing unwind goto issue. This involves applying the patch that adds 'goto unregister_hws;' in the probe() function and replaces kzalloc() with devm_kzalloc(), as well as replacing of_iomap() with devm_of_iomap().