CVE - CVE-2023-52730

CVE-ID
CVE-2023-52730	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: mmc: sdio: fix possible resource leaks in some error paths If sdio_add_func() or sdio_init_func() fails, sdio_remove_func() can not release the resources, because the sdio function is not presented in these two cases, it won't call of_node_put() or put_device(). To fix these leaks, make sdio_func_present() only control whether device_del() needs to be called or not, then always call of_node_put() and put_device(). In error case in sdio_init_func(), the reference of 'card->dev' is not get, to avoid redundant put in sdio_free_func_cis(), move the get_device() to sdio_alloc_func() and put_device() to sdio_release_func(), it can keep the get/put function be balanced. Without this patch, while doing fault inject test, it can get the following leak reports, after this fix, the leak is gone. unreferenced object 0xffff888112514000 (size 2048): comm "kworker/3:2", pid 65, jiffies 4294741614 (age 124.774s) hex dump (first 32 bytes): 00 e0 6f 12 81 88 ff ff 60 58 8d 06 81 88 ff ff ..o.....`X...... 10 40 51 12 81 88 ff ff 10 40 51 12 81 88 ff ff .@Q......@Q..... backtrace: [<000000009e5931da>] kmalloc_trace+0x21/0x110 [<000000002f839ccb>] mmc_alloc_card+0x38/0xb0 [mmc_core] [<0000000004adcbf6>] mmc_sdio_init_card+0xde/0x170 [mmc_core] [<000000007538fea0>] mmc_attach_sdio+0xcb/0x1b0 [mmc_core] [<00000000d4fdeba7>] mmc_rescan+0x54a/0x640 [mmc_core] unreferenced object 0xffff888112511000 (size 2048): comm "kworker/3:2", pid 65, jiffies 4294741623 (age 124.766s) hex dump (first 32 bytes): 00 40 51 12 81 88 ff ff e0 58 8d 06 81 88 ff ff .@Q......X...... 10 10 51 12 81 88 ff ff 10 10 51 12 81 88 ff ff ..Q.......Q..... backtrace: [<000000009e5931da>] kmalloc_trace+0x21/0x110 [<00000000fcbe706c>] sdio_alloc_func+0x35/0x100 [mmc_core] [<00000000c68f4b50>] mmc_attach_sdio.cold.18+0xb1/0x395 [mmc_core] [<00000000d4fdeba7>] mmc_rescan+0x54a/0x640 [mmc_core]
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/1e06cf04239e202248c8fa356bf11449dc73cfbd URL:https://git.kernel.org/stable/c/1e06cf04239e202248c8fa356bf11449dc73cfbd MISC:https://git.kernel.org/stable/c/30716d9f0fa1766e522cf24c8a456244e4fc9931 URL:https://git.kernel.org/stable/c/30716d9f0fa1766e522cf24c8a456244e4fc9931 MISC:https://git.kernel.org/stable/c/5c7858adada31dbed042448cff6997dd6efc472a URL:https://git.kernel.org/stable/c/5c7858adada31dbed042448cff6997dd6efc472a MISC:https://git.kernel.org/stable/c/605d9fb9556f8f5fb4566f4df1480f280f308ded URL:https://git.kernel.org/stable/c/605d9fb9556f8f5fb4566f4df1480f280f308ded MISC:https://git.kernel.org/stable/c/761db46b29b496946046d8cb33c7ea6de6bef36e URL:https://git.kernel.org/stable/c/761db46b29b496946046d8cb33c7ea6de6bef36e MISC:https://git.kernel.org/stable/c/92ff03c2563c9b57a027c744750f3b7d2f261c58 URL:https://git.kernel.org/stable/c/92ff03c2563c9b57a027c744750f3b7d2f261c58 MISC:https://git.kernel.org/stable/c/f855d31bb38d663c3ba672345d7cce9324ba3b72 URL:https://git.kernel.org/stable/c/f855d31bb38d663c3ba672345d7cce9324ba3b72
Assigning CNA
kernel.org
Date Record Created
20240521	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240521)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)