CVE-2023-53744

Vulnerability

In the Linux kernel's TI AM33xx power management driver (pm33xx.c), the function am33xx_pm_probe calls wkup_m3_ipc_get() to obtain a reference to the Wakeup M3 IPC handle. This function increments a reference count that must later be decremented with wkup_m3_ipc_put(). However, several error paths within the probe function fail to release this reference, leading to a reference count leak [1].

Exploitation

The leak is triggered when the probe function encounters an error after successfully obtaining the IPC handle. An attacker with local access could potentially force probe failures—for example, by manipulating device tree entries or causing hardware misconfiguration—to repeatedly trigger the leak. No special privileges beyond the ability to affect driver probing are required, though the attack surface is limited to systems using the TI AM33xx SoC.

Impact

Each leaked reference consumes kernel memory and prevents proper cleanup of the IPC resource. Over time, repeated exploitation could exhaust kernel memory or leave the driver in an inconsistent state, resulting in a denial of service (DoS) condition.

Mitigation

The fix adds the missing wkup_m3_ipc_put() calls in the error paths of am33xx_pm_probe. Patches have been applied to the stable kernel trees; users should update to a kernel version containing the commit referenced in [1].