CVE-2023-52684

Published: May 17, 2024Modified: Apr 7, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: qseecom: fix memory leaks in error paths Fix instances of returning error codes directly instead of jumping to the relevant labels where memory allocated for the SCM calls would be freed.

Affected (1)

Products: Linux: Linux Kernel

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 6.7 to 6.7.2

Related CWEs

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (4)

https://git.kernel.org/stable/c/6c57d7b593c4a4e60db65d5ce0fe1d9f79ccbe9b

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/85fdbf6840455be64eac16bdfe0df3368ee3d0f0

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/6c57d7b593c4a4e60db65d5ce0fe1d9f79ccbe9b

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/85fdbf6840455be64eac16bdfe0df3368ee3d0f0

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.