Fluid Attacks Database

Description

A memory leak was found in the Linux kernel's i.MX93 clock driver. The imx93_clocks_probe() function returns directly without unregistering hardware clocks or freeing allocated memory when errors occur. The fix converts allocations to use device-managed APIs (devm_kzalloc, devm_of_iomap) and adds proper error handling goto paths.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	linux	>=0 <6.4.4-1	6.4.4-1
debian 12	linux	=6.1.27-1 \|\| =6.1.37-1 \|\| =6.1.38-1 \|\| =6.1.38-2 \|\| =6.1.38-2~bpo11+1 \|\| =6.1.38-3 \|\| =6.1.38-4 \|\| =6.1.38-4~bpo11+1 \|\| >=0 <6.1.52-1	6.1.52-1
debian 14	linux	>=0 <6.4.4-1	6.4.4-1
rpm rhel9	kernel	<0:5.14.0-427.13.1.el9_4	0:5.14.0-427.13.1.el9_4
rpm rhel9	kernel-rt	-	-

Aliases

1. CVE-2023-542212. NVD-2023-542213. OSV-DEBIAN-2023-542214. OSV-2023-542215. SECURITY-TRACKER-CVE-2023-54221

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.