medium
5.5
Advisory Published
Updated

CVE-2023-52520: platform/x86: think-lmi: Fix reference leak

First published: Sat Mar 02 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix reference leak If a duplicate attribute is found using kset_find_obj(), a reference to that attribute is returned which needs to be disposed accordingly using kobject_put(). Move the setting name validation into a separate function to allow for this change without having to duplicate the cleanup code for this setting. As a side note, a very similar bug was fixed in commit 7295a996fdab ("platform/x86: dell-sysman: Fix reference leak"), so it seems that the bug was copied from that driver. Compile-tested only.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Kernel>=5.14<5.15.136
Linux Kernel>=5.16<6.1.59
Linux Kernel>=6.2<6.5.8
Linux Kernel=6.6-rc1
Linux Kernel=6.6-rc2
Linux Kernel=6.6-rc3
Linux Kernel=6.6-rc4
redhat/kernel<5.15.136
5.15.136
redhat/kernel<6.1.59
6.1.59
redhat/kernel<6.5.8
6.5.8
redhat/kernel<6.6
6.6
IBM Security Verify Governance - Identity Manager<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance<=ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container<=ISVG 10.0.2

Remedy

https://git.kernel.org/stable/c/124cf0ea4b82e1444ec8c7420af4e7db5558c293

Remedy

https://git.kernel.org/stable/c/528ab3e605cabf2f9c9bd5944d3bfe15f6e94f81

Remedy

https://git.kernel.org/stable/c/af21c9119a37cecb7ff27ce0c2f3cf721e9d0ec4

Remedy

https://git.kernel.org/stable/c/c6e3023579de8d33256771ac0745239029e81106

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What are the affected versions for CVE-2023-52520?

    CVE-2023-52520 affects Linux kernel versions between 5.14 and 5.15.136, 5.16 and 6.1.59, 6.2 and 6.5.8, and includes versions 6.6 and its release candidates.

  • What is the severity of CVE-2023-52520?

    The severity of CVE-2023-52520 is classified as moderate, as it involves a reference leak that could affect the stability of the system.

  • How do I fix CVE-2023-52520?

    To fix CVE-2023-52520, upgrade to Linux kernel version 5.15.136, 6.1.59, 6.5.8, or 6.6.

  • What type of vulnerability is CVE-2023-52520?

    CVE-2023-52520 is categorized as a reference leak vulnerability in the Linux kernel.

  • Can CVE-2023-52520 be exploited by remote attackers?

    CVE-2023-52520 does not present a direct remote exploitation vector, as it primarily affects local system stability.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203