CVE-2023-52520: platform/x86: think-lmi: Fix reference leak

Published Mar 2, 2024
·
Updated

In the Linux kernel, the following vulnerability has been resolved:

platform/x86: think-lmi: Fix reference leak

If a duplicate attribute is found using ksetfindobj(), a reference to that attribute is returned which needs to be disposed accordingly using kobjectput(). Move the setting name validation into a separate function to allow for this change without having to duplicate the cleanup code for this setting. As a side note, a very similar bug was fixed in commit 7295a996fdab ("platform/x86: dell-sysman: Fix reference leak"), so it seems that the bug was copied from that driver.

Compile-tested only.

Other sources

In the Linux kernel, the following vulnerability has been resolved:

platform/x86: think-lmi: Fix reference leak

The Linux kernel CVE team has assigned CVE-2023-52520 to this issue.

Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024030252-CVE-2023-52520-0a4e@gregkh/T/#u

Red Hat

Linux Kernel is vulnerable to a denial of service, caused by a reference leak. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.

IBM

Affected Software

15 affected componentsFixes available
Linux Linux kernel>=5.14<5.15.136
Linux Linux kernel>=5.16<6.1.59
Linux Linux kernel>=6.2<6.5.8
Linux Linux kernel=6.6-rc1
Linux Linux kernel=6.6-rc2
Linux Linux kernel=6.6-rc3
Linux Linux kernel=6.6-rc4
redhat/kernel<5.15.136
5.15.136
redhat/kernel<6.1.59
6.1.59
redhat/kernel<6.5.8
6.5.8
redhat/kernel<6.6
6.6
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance<=ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container<=ISVG 10.0.2

Remediation

Patch Available

https://git.kernel.org/stable/c/124cf0ea4b82e1444ec8c7420af4e7db5558c293

Patch Available

https://git.kernel.org/stable/c/528ab3e605cabf2f9c9bd5944d3bfe15f6e94f81

Patch Available

https://git.kernel.org/stable/c/af21c9119a37cecb7ff27ce0c2f3cf721e9d0ec4

Patch Available

https://git.kernel.org/stable/c/c6e3023579de8d33256771ac0745239029e81106

Event History

Mar 2, 2024
CVE Published
via MITRE·09:52 PM
Data Sourced
via MITRE·09:52 PM
Description
Mar 4, 2024
Data Sourced
via Red Hat·07:40 PM
DescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What are the affected versions for CVE-2023-52520?

CVE-2023-52520 affects Linux kernel versions between 5.14 and 5.15.136, 5.16 and 6.1.59, 6.2 and 6.5.8, and includes versions 6.6 and its release candidates.

2

What is the severity of CVE-2023-52520?

The severity of CVE-2023-52520 is classified as moderate, as it involves a reference leak that could affect the stability of the system.

3

How do I fix CVE-2023-52520?

To fix CVE-2023-52520, upgrade to Linux kernel version 5.15.136, 6.1.59, 6.5.8, or 6.6.

4

What type of vulnerability is CVE-2023-52520?

CVE-2023-52520 is categorized as a reference leak vulnerability in the Linux kernel.

5

Can CVE-2023-52520 be exploited by remote attackers?

CVE-2023-52520 does not present a direct remote exploitation vector, as it primarily affects local system stability.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203