Linux Kernel Vulnerability in NVMEM Core by Linux Foundation
CVE-2023-52929

Currently unrated

Key Information:

Vendor: WordPress
Status: Linux
Vendor: CVE Published:; 27 March 2025

What is CVE-2023-52929?

In the Linux Kernel, an issue within the NVMEM core has been identified where improper cleanup occurs if the dev_set_name() function fails. Specifically, this leads to a resource leak of the nvmem->wp_gpio during device registration. To mitigate this, a better approach involves restructuring the device registration process. By initializing the device early and employing the tested nvmem_release() cleanup code, we can enhance reliability and maintainability. This ensures the nvmem->id is correctly set up before any cleanup action is performed, thus preventing resource leaks.

Affected Version(s)

Linux a19a0f67dbb89ad2bfc466f2003841acba645884 < 23676ecd2eb377f7c24a6ff578b0f4c7135658b6

Linux 14eea6449473c1f55e196cc104ba16d144465869 < 8f9c4b2a3b132bf6698e477aba6ee194b40c75f4

Linux 5544e90c81261e82e02bbf7c6015a4b9c8c825ef < 39708bc8da7858de0bed9b3a88b3beb1d1e0b443

References

https://git.kernel.org/stable/c/23676ecd2eb377f7c24a6ff57...

https://git.kernel.org/stable/c/8f9c4b2a3b132bf6698e477ab...

https://git.kernel.org/stable/c/39708bc8da7858de0bed9b3a8...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2025
Vulnerability Reserved
Aug 21, 2024

WordPress

What is CVE-2023-52929?

Affected Version(s)

References

Timeline