CVE-2023-52652

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-52652
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52652.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-52652
Downstream
Related
Published
2024-05-01T13:15:48Z
Modified
2025-09-18T14:42:06Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

NTB: fix possible name leak in ntbregisterdevice()

If deviceregister() fails in ntbregisterdevice(), the device name allocated by devsetname() should be freed. As per the comment in deviceregister(), callers should use putdevice() to give up the reference in the error path. So fix this by calling putdevice() in the error path so that the name can be freed in kobject_cleanup().

As a result of this, putdevice() in the error path of ntbregister_device() is removed and the actual error is returned.

[mani: reworded commit message]

References

Affected packages