ghsa-qhvp-r58q-c426
Vulnerability from github
In the Linux kernel, the following vulnerability has been resolved:
regulator: stm32-pwr: fix of_iomap leak
Smatch reports: drivers/regulator/stm32-pwr.c:166 stm32_pwr_regulator_probe() warn: 'base' from of_iomap() not released on lines: 151,166.
In stm32_pwr_regulator_probe(), base is not released when devm_kzalloc() fails to allocate memory or devm_regulator_register() fails to register a new regulator device, which may cause a leak.
To fix this issue, replace of_iomap() with devm_platform_ioremap_resource(). devm_platform_ioremap_resource() is a specialized function for platform devices. It allows 'base' to be automatically released whether the probe function succeeds or fails.
Besides, use IS_ERR(base) instead of !base as the return value of devm_platform_ioremap_resource() can either be a pointer to the remapped memory or an ERR_PTR() encoded error code if the operation fails.
{
"affected": [],
"aliases": [
"CVE-2023-54097"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-24T13:16:11Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: stm32-pwr: fix of_iomap leak\n\nSmatch reports:\ndrivers/regulator/stm32-pwr.c:166 stm32_pwr_regulator_probe() warn:\n\u0027base\u0027 from of_iomap() not released on lines: 151,166.\n\nIn stm32_pwr_regulator_probe(), base is not released\nwhen devm_kzalloc() fails to allocate memory or\ndevm_regulator_register() fails to register a new regulator device,\nwhich may cause a leak.\n\nTo fix this issue, replace of_iomap() with\ndevm_platform_ioremap_resource(). devm_platform_ioremap_resource()\nis a specialized function for platform devices.\nIt allows \u0027base\u0027 to be automatically released whether the probe\nfunction succeeds or fails.\n\nBesides, use IS_ERR(base) instead of !base\nas the return value of devm_platform_ioremap_resource()\ncan either be a pointer to the remapped memory or\nan ERR_PTR() encoded error code if the operation fails.",
"id": "GHSA-qhvp-r58q-c426",
"modified": "2025-12-24T15:30:37Z",
"published": "2025-12-24T15:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-54097"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0ad07e02be0d3f0d554653382ffe53ae4879378d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/824683dbec234a01bd49a0589ee3323594a6f4cf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ad6481f49fb2c703efa3a929643934f24b666d6a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c091bb49b3233307c7af73dae888f0799752af3d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c4a413e56d16a2ae84e6d8992f215c4dcc7fac20"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dfce9bb3517a78507cf96f9b83948d0b81338afa"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f25994f7a9ad53eb756bc4869497c3ebe281ad5e"
}
],
"schema_version": "1.4.0",
"severity": []
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.