CVE-2023-53225

In the Linux kernel, the following vulnerability has been resolved: spi: imx: Don't skip cleanup in remove's error path Returning early in a platform driver's remove callback is wrong. In this case the dma resources are not released in the error path. this is never retried later and so this is a permanent leak. To fix this, only skip hardware disabling if waking the device fails.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/11951c9e3f364d7ae3b568a0e52c8335d43066b5	Patch
https://git.kernel.org/stable/c/57a463226638f1ceabbb029cbd21b0c94640f1b5	Patch
https://git.kernel.org/stable/c/6d16305a1535873e0a8a8ae92ea2d9106ec2d7df	Patch
https://git.kernel.org/stable/c/aa93a46f998a9069368026ac52bba96868c59157	Patch
https://git.kernel.org/stable/c/b64cb3f085fed296103c91f0db6acad30a021b36	Patch
https://git.kernel.org/stable/c/f90822ad63d11301e425311dac0c8e12ca1737b8	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

04 Dec 2025, 14:57

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/11951c9e3f364d7ae3b568a0e52c8335d43066b5 -~~	() https://git.kernel.org/stable/c/11951c9e3f364d7ae3b568a0e52c8335d43066b5 - Patch
References	~~() https://git.kernel.org/stable/c/57a463226638f1ceabbb029cbd21b0c94640f1b5 -~~	() https://git.kernel.org/stable/c/57a463226638f1ceabbb029cbd21b0c94640f1b5 - Patch
References	~~() https://git.kernel.org/stable/c/6d16305a1535873e0a8a8ae92ea2d9106ec2d7df -~~	() https://git.kernel.org/stable/c/6d16305a1535873e0a8a8ae92ea2d9106ec2d7df - Patch
References	~~() https://git.kernel.org/stable/c/aa93a46f998a9069368026ac52bba96868c59157 -~~	() https://git.kernel.org/stable/c/aa93a46f998a9069368026ac52bba96868c59157 - Patch
References	~~() https://git.kernel.org/stable/c/b64cb3f085fed296103c91f0db6acad30a021b36 -~~	() https://git.kernel.org/stable/c/b64cb3f085fed296103c91f0db6acad30a021b36 - Patch
References	~~() https://git.kernel.org/stable/c/f90822ad63d11301e425311dac0c8e12ca1737b8 -~~	() https://git.kernel.org/stable/c/f90822ad63d11301e425311dac0c8e12ca1737b8 - Patch
CPE		cpe:2.3:o:linux:linux_kernel::::::::
CWE		CWE-401
First Time		Linux Linux linux Kernel
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5

15 Sep 2025, 15:22

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-09-15 15:15

Updated : 2025-12-04 14:57

NVD link : CVE-2023-53225

Mitre link : CVE-2023-53225

CVE.ORG link : CVE-2023-53225

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

5.5 /10