CVE-2023-52520
Vulnerability from cvelistv5
Published: 2024-03-02 21:52
Modified: 2024-11-04 14:48
Summary: platform/x86: think-lmi: Fix reference leak
Impacted products
Vendor: Linux, Product: Linux
Vendor: Linux, Product: Linux


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52520",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-04T19:38:10.734517Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:23:59.479Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:03:20.769Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/124cf0ea4b82e1444ec8c7420af4e7db5558c293"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/af21c9119a37cecb7ff27ce0c2f3cf721e9d0ec4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c6e3023579de8d33256771ac0745239029e81106"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/528ab3e605cabf2f9c9bd5944d3bfe15f6e94f81"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/platform/x86/think-lmi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "124cf0ea4b82",
              "status": "affected",
              "version": "1bcad8e510b2",
              "versionType": "git"
            },
            {
              "lessThan": "af21c9119a37",
              "status": "affected",
              "version": "1bcad8e510b2",
              "versionType": "git"
            },
            {
              "lessThan": "c6e3023579de",
              "status": "affected",
              "version": "1bcad8e510b2",
              "versionType": "git"
            },
            {
              "lessThan": "528ab3e605ca",
              "status": "affected",
              "version": "1bcad8e510b2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/platform/x86/think-lmi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.14"
            },
            {
              "lessThan": "5.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.136",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.59",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.6",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: think-lmi: Fix reference leak\n\nIf a duplicate attribute is found using kset_find_obj(), a reference\nto that attribute is returned which needs to be disposed accordingly\nusing kobject_put(). Move the setting name validation into a separate\nfunction to allow for this change without having to duplicate the\ncleanup code for this setting.\nAs a side note, a very similar bug was fixed in\ncommit 7295a996fdab (\"platform/x86: dell-sysman: Fix reference leak\"),\nso it seems that the bug was copied from that driver.\n\nCompile-tested only."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-04T14:48:28.495Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/124cf0ea4b82e1444ec8c7420af4e7db5558c293"
        },
        {
          "url": "https://git.kernel.org/stable/c/af21c9119a37cecb7ff27ce0c2f3cf721e9d0ec4"
        },
        {
          "url": "https://git.kernel.org/stable/c/c6e3023579de8d33256771ac0745239029e81106"
        },
        {
          "url": "https://git.kernel.org/stable/c/528ab3e605cabf2f9c9bd5944d3bfe15f6e94f81"
        }
      ],
      "title": "platform/x86: think-lmi: Fix reference leak",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52520",
    "datePublished": "2024-03-02T21:52:28.434Z",
    "dateReserved": "2024-02-20T12:30:33.317Z",
    "dateUpdated": "2024-11-04T14:48:28.495Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-52520\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-03-02T22:15:48.080\",\"lastModified\":\"2024-03-04T13:58:23.447\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nplatform/x86: think-lmi: Fix reference leak\\n\\nIf a duplicate attribute is found using kset_find_obj(), a reference\\nto that attribute is returned which needs to be disposed accordingly\\nusing kobject_put(). Move the setting name validation into a separate\\nfunction to allow for this change without having to duplicate the\\ncleanup code for this setting.\\nAs a side note, a very similar bug was fixed in\\ncommit 7295a996fdab (\\\"platform/x86: dell-sysman: Fix reference leak\\\"),\\nso it seems that the bug was copied from that driver.\\n\\nCompile-tested only.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: plataforma/x86: think-lmi: corregir fuga de referencia Si se encuentra un atributo duplicado usando kset_find_obj(), se devuelve una referencia a ese atributo que debe eliminarse en consecuencia usando kobject_put( ). Mueva la validaci\u00f3n del nombre de la configuraci\u00f3n a una funci\u00f3n separada para permitir este cambio sin tener que duplicar el c\u00f3digo de limpieza para esta configuraci\u00f3n. Como nota al margen, se solucion\u00f3 un error muy similar en el commit 7295a996fdab (\\\"plataforma/x86: dell-sysman: corregir fuga de referencia\\\"), por lo que parece que el error se copi\u00f3 de ese controlador. Compilaci\u00f3n probada \u00fanicamente.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/124cf0ea4b82e1444ec8c7420af4e7db5558c293\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/528ab3e605cabf2f9c9bd5944d3bfe15f6e94f81\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/af21c9119a37cecb7ff27ce0c2f3cf721e9d0ec4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/c6e3023579de8d33256771ac0745239029e81106\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}

