CVE-2023-52662 : In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx:

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node When ida_alloc_max fails, resources allocated before should be freed, including *res allocated by kmalloc and ttm_resource_init.

Published 2024-05-17 14:15:08

Updated 2025-01-14 14:55:24

Source Linux

View at NVD, CVE.org

Products affected by CVE-2023-52662

Linux » Linux Kernel
Versions from including (>=) 5.16 and before (<) 6.1.83
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 6.8 and before (<) 6.8.2
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 6.7 and before (<) 6.7.11
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.14 and before (<) 5.15.153
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 6.2 and before (<) 6.6.23
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-52662

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 15 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-52662

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST	2025-01-14
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2023-52662

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2023-52662

https://git.kernel.org/stable/c/d1e546ab91c670e536a274a75481034ab7534876

drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/40624af6674745e174c754a20d7c53c250e65e7a

drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/89709105a6091948ffb6ec2427954cbfe45358ce

drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/6fc6233f6db1579b69b54b44571f1a7fde8186e6

drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/83e0f220d1e992fa074157fcf14945bf170ffbc5

drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/03b1072616a8f7d6e8594f643b416a9467c83fbf

drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node - kernel/git/stable/linux.git - Linux kernel stable tree
Patch

Jump to

Vulnerability Details : CVE-2023-52662

Products affected by CVE-2023-52662

Exploit prediction scoring system (EPSS) score for CVE-2023-52662

CVSS scores for CVE-2023-52662

CWE ids for CVE-2023-52662

References for CVE-2023-52662