CVE-2023-52643

iio: core: fix memleak in iio_device_register_sysfs

Description

In the Linux kernel, the following vulnerability has been resolved: iio: core: fix memleak in iio_device_register_sysfs When iio_device_register_sysfs_group() fails, we should free iio_dev_opaque->chan_attr_group.attrs to prevent potential memleak.

References

Link	Tags
https://git.kernel.org/stable/c/1c6d19c8cbf6abcea2c8fca2db26abca2cbf0363	patch
https://git.kernel.org/stable/c/359f220d0e753bba840eac19ffedcdc816b532f2	patch
https://git.kernel.org/stable/c/b90126c86d83912688501826643ea698f0df1728	patch
https://git.kernel.org/stable/c/3db312e06851996e7fb27cb5a8ccab4c0f9cdb93	patch
https://git.kernel.org/stable/c/95a0d596bbd0552a78e13ced43f2be1038883c81	patch

Frequently Asked Questions

What is the severity of CVE-2023-52643?: CVE-2023-52643 has been scored as a medium severity vulnerability.
How to fix CVE-2023-52643?: To fix CVE-2023-52643, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-52643 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2023-52643 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-52643?: CVE-2023-52643 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Category

CWE-401 – Missing Release of Memory after Effective Lifetime

References

Frequently Asked Questions