CVE-2023-54290
Resource Leak in Linux Kernel Mediatek Thermal Driver
Publication date: 2025-12-30
Last updated on: 2025-12-30
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a resource leak in the Linux kernel's Mediatek thermal driver. Specifically, the mtk_thermal_probe function uses of_iomap to map hardware resources but fails to release these mappings when errors occur, leading to resource leaks. The fix involves switching to devm_of_iomap, which automatically manages the resource lifecycle to prevent leaks.
How can this vulnerability impact me? :
The impact of this vulnerability is a resource leak in the kernel, which could lead to inefficient resource usage or potential system instability over time if the leaked resources accumulate. However, there is no indication of direct security compromise such as privilege escalation or data exposure.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch that switches the code to use devm_of_iomap in the mtk_thermal_probe function to ensure proper release of iomap resources and avoid resource leaks.