CVE-2023-52520

Updated: 2024-12-11 19:30:33.762829

Description:

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix reference leak If a duplicate attribute is found using kset_find_obj(), a reference to that attribute is returned which needs to be disposed accordingly using kobject_put(). Move the setting name validation into a separate function to allow for this change without having to duplicate the cleanup code for this setting. As a side note, a very similar bug was fixed in commit 7295a996fdab ("platform/x86: dell-sysman: Fix reference leak"), so it seems that the bug was copied from that driver. Compile-tested only.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x MEDIUM 5.5

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

AlmaLinux 9.2 ESU kernel 5.14.0 5.5 MEDIUM Released CLSA-2024:1722533082 2024-08-01 14:33:53
AlmaLinux 9.2 FIPS kernel 5.14.0 5.5 MEDIUM Released CLSA-2024:1722530110 2024-08-01 14:33:53
CentOS 6 ELS kernel 2.6.32 5.5 MEDIUM Ignored 2024-06-24 10:10:36
CentOS 7 ELS kernel 3.10.0 5.5 MEDIUM Ignored 2024-06-24 11:20:35
CentOS 8.4 ELS kernel 4.18.0 5.5 MEDIUM Ignored 2024-06-24 11:20:35
CentOS 8.5 ELS kernel 4.18.0 5.5 MEDIUM Ignored 2024-06-24 11:20:35
CentOS Stream 8 ELS kernel 4.18.0 5.5 MEDIUM Already Fixed 2024-06-09 14:19:04
CloudLinux 6 ELS kernel 2.6.32 5.5 MEDIUM Ignored 2024-06-24 10:10:36
Oracle Linux 6 ELS kernel 2.6.32 5.5 MEDIUM Ignored 2024-06-24 10:10:36