PT-2023-9732 · Linux+7 · Linux Kernel+7

Yang Yingliang · Published 2023-02-13 · Updated 2025-09-29 · CVE-2023-52730

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The vulnerability is a resource leak in the Linux kernel's SDIO component. When sdio_add_func() or sdio_init_func() fails, sdio_remove_func() cannot release the resources because the SDIO function is not marked present in these cases, resulting in a potential leak. The fix makes sdio_func_present() control whether device_del() needs to be called, while of_node_put() and put_device() are always called. For the error cases in sdio_init_func(), get_device() is moved to sdio_alloc_func() and put_device() to sdio_release_func(), which keeps the get/put calls balanced.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Leak

Information Disclosure

Weakness Enumeration

Related Identifiers

ALSA-2024:5101
ALSA-2024:5102
ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
BDU:2024-10372
CESA-2024_5101
CESA-2024_5102
CVE-2023-52730
INFSA-2024_5101
INFSA-2024_5102
INFSA-2024_9315
OESA-2024-1693
OESA-2024-1835
OPENSUSE-SU-2024_2189-1
RHSA-2024:5101
RHSA-2024:5102
RHSA-2024:9315
RHSA-2024_5101
RHSA-2024_5102
RHSA-2024_9315
RLSA-2024:5101
RLSA-2024:5102
RXSA-2024:5101
SUSE-SU-2024:1979-1
SUSE-SU-2024:1983-1
SUSE-SU-2024:2008-1
SUSE-SU-2024:2011-1
SUSE-SU-2024:2019-1
SUSE-SU-2024:2184-1
SUSE-SU-2024:2189-1
SUSE-SU-2024:2190-1

Affected Products

Almalinux
Astra Linux
Centos
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse