← Back

CVE-2023-53308

nvd nist
Published: Sep 16, 2025Modified: Jan 14, 2026

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: net: fec: Better handle pm_runtime_get() failing in .remove() In the (unlikely) event that pm_runtime_get() (disguised as pm_runtime_resume_and_get()) fails, the remove callback returned an error early. The problem with this is that the driver core ignores the error value and continues removing the device. This results in a resource leak. Worse the devm allocated resources are freed and so if a callback of the driver is called later the register mapping is already gone which probably results in a crash.

Affected (12)

Products: Linux: Linux Kernel
Linux
1 product
Linux Kernel
Configuration A
12 vulnerable
Vulnerable SoftwareAffected Versions
Linux
Linux Kernel
From 4.14.158 to 4.14.316
Linux Kernel
From 4.19.88 to 4.19.284
Linux Kernel
From 4.9.206 to 4.10
Linux Kernel
From 5.11 to 5.15.113
Linux Kernel
From 5.16 to 6.1.30
Linux Kernel
From 5.3.15 to 5.4
Linux Kernel
From 5.4.1 to 5.4.244
Linux Kernel
From 5.5 to 5.10.181
Linux Kernel
From 6.2 to 6.3.4
Linux Kernel
Version 5.4
Linux Kernel
Version 6.4 rc1
Linux Kernel
Version 6.4 rc2

Related CWEs

CWE-415
Double Free
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (8)

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch

Timeline

No history available yet.