CVE-2023-54228
Unknown Unknown - Not Provided
Resource Leak in Linux Kernel Clock Regulator Fixed

Publication date: 2025-12-30

Last updated on: 2025-12-30

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: regulator: raa215300: Fix resource leak in case of error The clk_register_clkdev() allocates memory by calling vclkdev_alloc() and this memory is not freed in the error path. Similarly, resources allocated by clk_register_fixed_rate() are not freed in the error path. Fix these issues by using devm_clk_hw_register_fixed_rate() and devm_clk_hw_register_clkdev(). After this, the static variable clk is not needed. Replace it withΒ  local variable hw in probe() and drop calling clk_unregister_fixed_rate() from raa215300_rtc_unregister_device().
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-30
Last Modified
2025-12-30
Generated
2026-06-16
AI Q&A
2025-12-30
EPSS Evaluated
2026-06-15
NVD
CVE-2023-54228
EUVD
EUVD-2023-60413
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for the resource leak in the regulator raa215300 driver. The fix involves using devm_clk_hw_register_fixed_rate() and devm_clk_hw_register_clkdev() to properly manage memory allocation and avoid leaks. Avoid using vulnerable kernel versions that do not include these changes.

Executive Summary

This vulnerability in the Linux kernel involves a resource leak caused by memory allocated during clock device registration not being freed properly in error paths. Specifically, memory allocated by clk_register_clkdev() and clk_register_fixed_rate() is not released if an error occurs. The fix involves using devm_clk_hw_register_fixed_rate() and devm_clk_hw_register_clkdev() to ensure proper resource management and replacing a static variable with a local variable to avoid unnecessary unregister calls.

Impact Analysis

The impact of this vulnerability is a resource leak in the Linux kernel, which could lead to increased memory usage and potentially degrade system stability or performance over time if errors occur during clock device registration.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-54228. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart