CVE-2023-52730

{"id": "CVE-2023-52730", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-05-21T16:15:13.157", "references": [{"url": "https://git.kernel.org/stable/c/1e06cf04239e202248c8fa356bf11449dc73cfbd", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/30716d9f0fa1766e522cf24c8a456244e4fc9931", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/5c7858adada31dbed042448cff6997dd6efc472a", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/605d9fb9556f8f5fb4566f4df1480f280f308ded", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/761db46b29b496946046d8cb33c7ea6de6bef36e", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/92ff03c2563c9b57a027c744750f3b7d2f261c58", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f855d31bb38d663c3ba672345d7cce9324ba3b72", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/1e06cf04239e202248c8fa356bf11449dc73cfbd", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/30716d9f0fa1766e522cf24c8a456244e4fc9931", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/5c7858adada31dbed042448cff6997dd6efc472a", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/605d9fb9556f8f5fb4566f4df1480f280f308ded", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/761db46b29b496946046d8cb33c7ea6de6bef36e", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/92ff03c2563c9b57a027c744750f3b7d2f261c58", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/f855d31bb38d663c3ba672345d7cce9324ba3b72", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: sdio: fix possible resource leaks in some error paths\n\nIf sdio_add_func() or sdio_init_func() fails, sdio_remove_func() can\nnot release the resources, because the sdio function is not presented\nin these two cases, it won't call of_node_put() or put_device().\n\nTo fix these leaks, make sdio_func_present() only control whether\ndevice_del() needs to be called or not, then always call of_node_put()\nand put_device().\n\nIn error case in sdio_init_func(), the reference of 'card->dev' is\nnot get, to avoid redundant put in sdio_free_func_cis(), move the\nget_device() to sdio_alloc_func() and put_device() to sdio_release_func(),\nit can keep the get/put function be balanced.\n\nWithout this patch, while doing fault inject test, it can get the\nfollowing leak reports, after this fix, the leak is gone.\n\nunreferenced object 0xffff888112514000 (size 2048):\n comm \"kworker/3:2\", pid 65, jiffies 4294741614 (age 124.774s)\n hex dump (first 32 bytes):\n 00 e0 6f 12 81 88 ff ff 60 58 8d 06 81 88 ff ff ..o.....`X......\n 10 40 51 12 81 88 ff ff 10 40 51 12 81 88 ff ff .@Q......@Q.....\n backtrace:\n [<000000009e5931da>] kmalloc_trace+0x21/0x110\n [<000000002f839ccb>] mmc_alloc_card+0x38/0xb0 [mmc_core]\n [<0000000004adcbf6>] mmc_sdio_init_card+0xde/0x170 [mmc_core]\n [<000000007538fea0>] mmc_attach_sdio+0xcb/0x1b0 [mmc_core]\n [<00000000d4fdeba7>] mmc_rescan+0x54a/0x640 [mmc_core]\n\nunreferenced object 0xffff888112511000 (size 2048):\n comm \"kworker/3:2\", pid 65, jiffies 4294741623 (age 124.766s)\n hex dump (first 32 bytes):\n 00 40 51 12 81 88 ff ff e0 58 8d 06 81 88 ff ff [email protected]......\n 10 10 51 12 81 88 ff ff 10 10 51 12 81 88 ff ff ..Q.......Q.....\n backtrace:\n [<000000009e5931da>] kmalloc_trace+0x21/0x110\n [<00000000fcbe706c>] sdio_alloc_func+0x35/0x100 [mmc_core]\n [<00000000c68f4b50>] mmc_attach_sdio.cold.18+0xb1/0x395 [mmc_core]\n [<00000000d4fdeba7>] mmc_rescan+0x54a/0x640 [mmc_core]"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mmc: sdio: soluciona posibles fugas de recursos en algunas rutas de error. Si sdio_add_func() o sdio_init_func() falla, sdio_remove_func() no puede liberar los recursos, porque no se presenta la funci\u00f3n sdio en estos dos casos, no llamar\u00e1 a of_node_put() o put_device(). Para solucionar estas fugas, haga que sdio_func_present() solo controle si es necesario llamar a device_del() o no, luego llame siempre a of_node_put() y put_device(). En caso de error en sdio_init_func(), la referencia de 'card-&gt;dev' no se obtiene, para evitar la colocaci\u00f3n redundante en sdio_free_func_cis(), mueva get_device() a sdio_alloc_func() y put_device() a sdio_release_func(), puede mantenga equilibrada la funci\u00f3n get/put. Sin este parche, mientras realiza la prueba de inyecci\u00f3n de fallas, puede obtener los siguientes informes de fugas; despu\u00e9s de esta soluci\u00f3n, la fuga desaparece. objeto sin referencia 0xffff888112514000 (tama\u00f1o 2048): comunicaci\u00f3n \"kworker/3:2\", pid 65, jiffies 4294741614 (edad 124,774 s) volcado hexadecimal (primeros 32 bytes): 00 e0 6f 12 81 88 ff ff 60 58 8d 06 81 8 y siguientes ff ..o.....`X...... 10 40 51 12 81 88 ff ff 10 40 51 12 81 88 ff ff .@Q......@Q..... retroceso : [&lt;000000009e5931da&gt;] kmalloc_trace+0x21/0x110 [&lt;000000002f839ccb&gt;] mmc_alloc_card+0x38/0xb0 [mmc_core] [&lt;0000000004adcbf6&gt;] mmc_sdio_init_card+0xde/0x170 [mmc_core] [&lt;000000007538fea0&gt;] mmc_attach_sdio+0xcb/0x1b0 [mmc_core] [&lt;00000000d4fdeba7&gt;] mmc_rescan+0x54a/0x640 [mmc_core] objeto sin referencia 0xffff888112511000 (tama\u00f1o 2048): comm \"kworker/3:2\", pid 65, santiam\u00e9n 4294741623 (edad 124,766 s) volcado hexadecimal (primero 32 bytes): 00 40 51 12 81 88 ff ff e0 58 8d 06 81 88 ff ff [email protected]...... 10 10 51 12 81 88 ff ff 10 10 51 12 81 88 ff ff ..Q. ......P..... rastreo inverso: [&lt;000000009e5931da&gt;] kmalloc_trace+0x21/0x110 [&lt;00000000fcbe706c&gt;] sdio_alloc_func+0x35/0x100 [mmc_core] [&lt;00000000c68f4b50&gt;] mmc_attach_sdio.cold. 18+0xb1/ 0x395 [mmc_core] [&lt;00000000d4fdeba7&gt;] mmc_rescan+0x54a/0x640 [mmc_core]"}], "lastModified": "2025-09-23T18:57:24.373", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB481E70-4E92-4A19-88FC-7A6923121461", "versionEndExcluding": "4.14.306", "versionStartIncluding": "2.6.33"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC86F278-A337-4A8A-A7BB-758898345802", "versionEndExcluding": "4.19.273", "versionStartIncluding": "4.15"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C6E0696-3702-4B0C-A102-2753BDC8C3D3", "versionEndExcluding": "5.4.232", "versionStartIncluding": "4.20"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8E6784B-A00F-47F0-882B-7209E1F374B7", "versionEndExcluding": "5.10.169", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8508F80E-8588-4976-A2BA-7A2D85018C4E", "versionEndExcluding": "5.15.95", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE354BE6-0C0F-47EB-AD8A-1433F041AC20", "versionEndExcluding": "6.1.13", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF501633-2F44-4913-A8EE-B021929F49F6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BDA597B-CAC1-4DF0-86F0-42E142C654E9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "725C78C9-12CE-406F-ABE8-0813A01D66E8"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A127C155-689C-4F67-B146-44A57F4BFD85"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D34127CC-68F5-4703-A5F6-5006F803E4AE"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4AB8D555-648E-4F2F-98BD-3E7F45BD12A8"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C64BDD9D-C663-4E75-AE06-356EDC392B82"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26544390-88E4-41CA-98BF-7BB1E9D4E243"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}