CVE-2023-52663 Affecting kernel-zfcpdump-modules-internal package, versions *
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-RHEL9-KERNELZFCPDUMPMODULESINTERNAL-6914435
- published 20 May 2024
- disclosed 17 May 2024
Introduced: 17 May 2024
CVE-2023-52663 Open this link in a new tabHow to fix?
There is no fixed version for RHEL:9 kernel-zfcpdump-modules-internal.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-zfcpdump-modules-internal package and not the kernel-zfcpdump-modules-internal package as distributed by RHEL.
See How to fix? for RHEL:9 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
ASoC: SOF: amd: Fix memory leak in amd_sof_acp_probe()
Driver uses kasprintf() to initialize fw_{code,data}_bin members of struct acp_dev_data, but kfree() is never called to deallocate the memory, which results in a memory leak.
Fix the issue by switching to devm_kasprintf(). Additionally, ensure the allocation was successful by checking the pointer validity.
References
- https://access.redhat.com/security/cve/CVE-2023-52663
- https://git.kernel.org/stable/c/222be59e5eed1554119294edc743ee548c2371d0
- https://git.kernel.org/stable/c/7296152e58858f928db448826eb7ba5ae611297b
- https://git.kernel.org/stable/c/88028c45d5871dfc449b2b0a27abf6428453a5ec
- https://git.kernel.org/stable/c/be4760799c6a7c01184467287f0de41e0dd255f8