CVE-2023-52652

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-52652

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52652.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-52652

Downstream

BELL-CVE-2023-52652

DEBIAN-CVE-2023-52652

OESA-2024-1677

OESA-2024-1678

OESA-2024-1682

SUSE-SU-2024:1643-1

SUSE-SU-2024:1644-1

SUSE-SU-2024:1646-1

SUSE-SU-2024:1659-1

SUSE-SU-2024:1663-1

SUSE-SU-2024:1870-1

SUSE-SU-2024:2135-1

SUSE-SU-2024:2203-1

SUSE-SU-2024:2973-1

UBUNTU-CVE-2023-52652

USN-6816-1

USN-6817-1

USN-6817-2

USN-6817-3

USN-6820-1

USN-6820-2

USN-6821-1

USN-6821-2

USN-6821-3

USN-6821-4

USN-6828-1

USN-6871-1

USN-6878-1

USN-6892-1

USN-6919-1

Related

Published

2024-05-01T13:15:48Z

Modified

2025-09-18T14:42:06Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

NTB: fix possible name leak in ntbregisterdevice()

If deviceregister() fails in ntbregisterdevice(), the device name allocated by devsetname() should be freed. As per the comment in deviceregister(), callers should use putdevice() to give up the reference in the error path. So fix this by calling putdevice() in the error path so that the name can be freed in kobject_cleanup().

As a result of this, putdevice() in the error path of ntbregister_device() is removed and the actual error is returned.

[mani: reworded commit message]

References

Affected packages