Memory Leak Vulnerability in Linux Kernel Affecting IMXRT1050 Clocks
CVE-2023-53264
What is CVE-2023-53264?
A critical memory leak vulnerability in the Linux kernel's IMXRT1050 clock driver, specifically within the clk-imxrt1050 module, has been identified and resolved. The issue arises from improper handling of memory allocation: when an error occurs while mapping I/O regions, memory that has already been allocated is not freed, which results in a memory leak. To address this, developers are advised to use the devm_of_iomap() function instead of of_iomap(), which ensures the resource is freed automatically. Error handling has also been improved so that the hws registered so far are cleaned up when I/O mapping fails, through a newly added unregister_hws label.
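The error path described above, as an added userland C model that is not the kernel driver's code: counters stand in for kernel allocations and registered hws, and `struct device`, `managed_alloc`, `dev_release`, `probe_leaky` and `probe_fixed` are hypothetical names. It contrasts an early return after a failed mapping with managed allocations plus an unregister_hws-style label.

```c
#include <stdbool.h>
#include <stdlib.h>
/* Userland model (constructed): counters stand in for kernel resources. */
static int live_allocs, live_hws;
struct devres { void *p; struct devres *next; };
struct device { struct devres *res; };   /* hypothetical mini device */
static void *track_alloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void track_free(void *p) { if (p) { live_allocs--; free(p); } }
/* Managed allocation: recorded on the device, freed by dev_release(). */
static void *managed_alloc(struct device *d, size_t n) {
    struct devres *r = malloc(sizeof(*r));
    if (!r) return NULL;
    r->p = track_alloc(n);
    r->next = d->res; d->res = r;
    return r->p;
}
/* Models the driver core releasing managed resources after a failed probe. */
static void dev_release(struct device *d) {
    while (d->res) {
        struct devres *r = d->res;
        d->res = r->next;
        track_free(r->p); free(r);
    }
}
/* Before: unmanaged allocation, early return when mapping fails. */
static int probe_leaky(bool map_fails) {
    void *clk_data = track_alloc(64);
    live_hws += 2;                       /* clocks registered before mapping */
    void *base = map_fails ? NULL : track_alloc(16);
    if (!clk_data || !base) return -1;   /* clk_data and hws are left behind */
    return 0;
}
/* After: managed allocations plus an unregister_hws-style label. */
static int probe_fixed(struct device *d, bool map_fails) {
    void *clk_data = managed_alloc(d, 64);
    live_hws += 2;
    void *base = map_fails ? NULL : managed_alloc(d, 16);
    if (!clk_data || !base) goto unregister_hws;
    return 0;
unregister_hws:
    live_hws -= 2;                       /* undo the registrations made so far */
    return -1;
}
int main(void) {                         /* exit status 0: fixed path left nothing */
    struct device d = { 0 };
    int rc = probe_fixed(&d, true);
    dev_release(&d);
    return (rc == -1 && !live_allocs && !live_hws) ? 0 : 1;
}
```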
Affected Version(s)
Linux 7154b046d8f3a441474ced1688eb348d42f5f165 < 1839032251a66f2ae5a043c495532830a55d28c4
Linux 7154b046d8f3a441474ced1688eb348d42f5f165 < 0fbdfd2542252e4c02e8158a06b7c0c9cfd40f99
Linux 7154b046d8f3a441474ced1688eb348d42f5f165 < 02e54db221bb001b32f839e0149ee8d890ab9aa1