CVE-2023-54228
Resource Leak in Linux Kernel Clock Regulator Fixed
Publication date: 2025-12-30
Last updated on: 2025-12-30
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for the resource leak in the regulator raa215300 driver. The fix involves using devm_clk_hw_register_fixed_rate() and devm_clk_hw_register_clkdev() to properly manage memory allocation and avoid leaks. Avoid using vulnerable kernel versions that do not include these changes.
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel involves a resource leak caused by memory allocated during clock device registration not being freed properly in error paths. Specifically, memory allocated by clk_register_clkdev() and clk_register_fixed_rate() is not released if an error occurs. The fix involves using devm_clk_hw_register_fixed_rate() and devm_clk_hw_register_clkdev() to ensure proper resource management and replacing a static variable with a local variable to avoid unnecessary unregister calls.
How can this vulnerability impact me? :
The impact of this vulnerability is a resource leak in the Linux kernel, which could lead to increased memory usage and potentially degrade system stability or performance over time if errors occur during clock device registration.