CVE-2023-53725
Description
In the Linux kernel, the following vulnerability has been resolved:
clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe
Smatch reports: drivers/clocksource/timer-cadence-ttc.c:529 ttc_timer_probe() warn: 'timer_baseaddr' from of_iomap() not released on lines: 498,508,516.
timer_baseaddr may have the problem of not being released after use. I replaced it with the devm_of_iomap() function and added the clk_put() function to clean up the "clk_ce" and "clk_cs".
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A memory leak in the Cadence TTC timer driver of the Linux kernel, where iomapped memory and clock references are not properly released on probe failure paths.
Vulnerability
CVE-2023-53725 is a memory leak vulnerability in the Linux kernel's drivers/clocksource/timer-cadence-ttc.c file. The ttc_timer_probe() function uses of_iomap() to map the timer's base address, but on several error paths (lines 498, 508, 516) the mapped memory is not released. Additionally, clock references (clk_ce and clk_cs) are not cleaned up via clk_put() when errors occur. This was reported by the Smatch static analysis tool [1].
Exploitation
This is a resource leak that occurs during device probe, typically at boot time or when the driver is loaded. An attacker would require the kernel to attempt to probe the Cadence TTC timer device and hit an error condition (e.g., missing clock, failed registration). No special privileges or network access are needed; the vulnerability manifests in the kernel's initialization code.
Impact
An attacker cannot directly trigger this leak from userspace, but repeated probing (e.g., via hotplug or driver reload) could exhaust system memory over time, leading to denial of service. The leak is limited to the timer's iomapped region and clock handles, so the impact is primarily resource exhaustion.
Mitigation
The fix replaces of_iomap() with devm_of_iomap(), which automatically releases the mapping when the device is removed, and adds clk_put() calls to properly release clock references on error paths. The patch has been applied to the stable kernel branches [2][3]. Users should update to a kernel version containing the fix.
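The error paths described above, as a userspace model added here for illustration; it is not the kernel driver's code or the patch. The counters, the `device_model` struct, the acquisition order and the three failure points are assumptions of the model.

```c
#include <stdio.h>   /* userspace model constructed for illustration; not kernel code */

static int live_maps, live_clks;                 /* resources currently held */
struct device_model { void (*release[4])(void); int n; };  /* devres-style list */
static void map_region(void)   { live_maps++; }  /* stands in for of_iomap() */
static void unmap_region(void) { live_maps--; }
static void get_clock(void)    { live_clks++; }  /* stands in for a clock lookup */
static void put_clock(void)    { live_clks--; }  /* stands in for clk_put() */
/* Stands in for devm_of_iomap(): map, and record the undo action on the device. */
static void devm_map_region(struct device_model *d) {
    map_region();
    d->release[d->n++] = unmap_region;
}

/* fail_at: 0 = success, 1..3 = error return after that many acquisitions. */
static int probe_before_fix(int fail_at) {
    map_region();
    if (fail_at == 1) return -1;                 /* mapping never released */
    get_clock();
    if (fail_at == 2) return -1;                 /* mapping and one clock held */
    get_clock();
    return fail_at == 3 ? -1 : 0;                /* mapping and both clocks held */
}
static int probe_after_fix(struct device_model *d, int fail_at) {
    devm_map_region(d);
    if (fail_at == 1) goto release;
    get_clock();
    if (fail_at == 2) goto put_first;
    get_clock();
    if (fail_at != 3) return 0;
    put_clock();
put_first:
    put_clock();
release:                                         /* done by the driver core */
    while (d->n > 0) d->release[--d->n]();
    return -1;
}

/* Resources still held after n probe attempts that each fail at fail_at (1..3). */
int held_after(int n, int fail_at, int fixed) {
    struct device_model d = { {0}, 0 };
    live_maps = live_clks = 0;
    while (n-- > 0)
        if (fixed) probe_after_fix(&d, fail_at); else probe_before_fix(fail_at);
    return live_maps + live_clks;
}
int main(void) {
    printf("100 failed probes: %d held before fix, %d after\n", held_after(100, 3, 0), held_after(100, 3, 1));
    return 0;
}
```

In the model, every failed probe before the fix leaves one to three resources behind, which is the accumulation the Impact section describes for repeated probing.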
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches (8): e0a9cc90ea44, 54cc10a0f4b0, ebdff0986513, 289e2054eeb6, 919dd531ebb7, 67d7eebbc424, 99744200f28b, 8b5bf64c89c7
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (8)
- git.kernel.org/stable/c/289e2054eeb63c9e133960731c342eeffad218d3 (nvd)
- git.kernel.org/stable/c/54cc10a0f4b01b522e9519014200f1b33bf7e4aa (nvd)
- git.kernel.org/stable/c/67d7eebbc424935dec61fb352d1ccae5d16cf429 (nvd)
- git.kernel.org/stable/c/8b5bf64c89c7100c921bd807ba39b2eb003061ab (nvd)
- git.kernel.org/stable/c/919dd531ebb7514f205ae7aab87994337ebce1f6 (nvd)
- git.kernel.org/stable/c/99744200f28b2cf5f50767447e51b4b4a977d145 (nvd)
- git.kernel.org/stable/c/e0a9cc90ea44a50d76a84f9f9bf1703d31fe45e9 (nvd)
- git.kernel.org/stable/c/ebdff0986513a29be242aace0ef89b6c105b0bf0 (nvd)