CVE-2023-53225

In the Linux kernel, the following vulnerability has been resolved: spi: imx: Don't skip cleanup in remove's error path Returning early in a platform driver's remove callback is wrong. In this case the dma resources are not released in the error path. this is never retried later and so this is a permanent leak. To fix this, only skip hardware disabling if waking the device fails.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/11951c9e3f364d7ae3b568a0e52c8335d43066b5	Patch
https://git.kernel.org/stable/c/57a463226638f1ceabbb029cbd21b0c94640f1b5	Patch
https://git.kernel.org/stable/c/6d16305a1535873e0a8a8ae92ea2d9106ec2d7df	Patch
https://git.kernel.org/stable/c/aa93a46f998a9069368026ac52bba96868c59157	Patch
https://git.kernel.org/stable/c/b64cb3f085fed296103c91f0db6acad30a021b36	Patch
https://git.kernel.org/stable/c/f90822ad63d11301e425311dac0c8e12ca1737b8	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

No history.

Information

Published : 2025-09-15 15:15

Updated : 2026-01-14 18:16

NVD link : CVE-2023-53225

Mitre link : CVE-2023-53225

CVE.ORG link : CVE-2023-53225

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

{"id": "CVE-2023-53225", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-09-15T15:15:49.363", "references": [{"url": "https://git.kernel.org/stable/c/11951c9e3f364d7ae3b568a0e52c8335d43066b5", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/57a463226638f1ceabbb029cbd21b0c94640f1b5", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/6d16305a1535873e0a8a8ae92ea2d9106ec2d7df", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/aa93a46f998a9069368026ac52bba96868c59157", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b64cb3f085fed296103c91f0db6acad30a021b36", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f90822ad63d11301e425311dac0c8e12ca1737b8", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-401"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: imx: Don't skip cleanup in remove's error path\n\nReturning early in a platform driver's remove callback is wrong. In this\ncase the dma resources are not released in the error path. this is never\nretried later and so this is a permanent leak. To fix this, only skip\nhardware disabling if waking the device fails."}], "lastModified": "2026-01-14T18:16:32.823", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38BA6B6B-1C08-4FA2-9202-D6F0F7E2F21C", "versionEndExcluding": "3.17", "versionStartIncluding": "3.16.57"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38DD1C0A-BCFA-4EE8-846B-9C4DEFE72BCC", "versionEndExcluding": "3.19", "versionStartIncluding": "3.18.94"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D1ECF78-BF07-4C94-927B-900568638219", "versionEndExcluding": "4.2", "versionStartIncluding": "4.1.50"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6540EB4C-8E6D-4CF1-970D-18D87DB53939", "versionEndExcluding": "4.5", "versionStartIncluding": "4.4.115"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1EC5DA9-8130-4C21-BD0D-2BAA776BF9E4", "versionEndExcluding": "4.10", "versionStartIncluding": "4.9.80"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BA7EAE9-8C11-49C6-8B79-78FB96E8D13C", "versionEndExcluding": "4.15", "versionStartIncluding": "4.14.17"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE6C96C4-3475-4945-8F88-003D7AA3B863", "versionEndExcluding": "5.10.180", "versionStartIncluding": "4.15.1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B9DD776-7F17-4F72-B94F-54BFCBC692DD", "versionEndExcluding": "5.15.111", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08F855F4-7188-4EE1-BD79-D4B6C7E2EF54", "versionEndExcluding": "6.1.28", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3844A90B-940D-46C3-8D7B-9FF63F1AFC2F", "versionEndExcluding": "6.2.15", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38F6F330-91A0-4675-8B90-6F950471A7CC", "versionEndExcluding": "6.3.2", "versionStartIncluding": "6.3"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}