CVE-2023-53830
Description
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: think-lmi: Fix memory leak when showing current settings
When retrieving an item string with tlmi_setting(), the result has to be freed using kfree(). In current_value_show() however, malformed item strings are not freed, causing a memory leak. Fix this by eliminating the early return responsible for this.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel's think-lmi driver, a memory leak occurs when malformed item strings are not freed in current_value_show(); the fix removes an early return.
Vulnerability
Overview
In the Linux kernel's think-lmi driver (platform/x86), a memory leak vulnerability exists in the current_value_show() function. When retrieving an item string via tlmi_setting(), the result must be freed using kfree(). However, if the item string is malformed, the function returns early without freeing the allocated memory, leading to a memory leak [1].
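The early-return leak described above, reduced to a user-space C model with the corrected control flow beside it; this is an added example, not the kernel driver's code. `get_item()`, `put_item()`, the `live` counter and the `name,value` item layout are assumptions standing in for tlmi_setting(), kfree() and the real item format.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static long live; /* buffers handed out and not yet freed */
/* Hypothetical stand-in for tlmi_setting(): the caller owns the result. */
static char *get_item(const char *raw)
{
    char *item = malloc(strlen(raw) + 1);
    if (item) { strcpy(item, raw); live++; }
    return item;
}
static void put_item(char *item) { free(item); live--; }

/* Before the fix: a malformed item returns early and skips put_item(). */
static int show_leaky(const char *raw, char *buf, size_t len)
{
    char *item = get_item(raw), *val;
    int ret;
    if (!item) return -ENOMEM;
    val = strchr(item, ','); /* assumed "name,value" layout */
    if (!val || val == item || !val[1])
        return -EINVAL; /* item is leaked on this path */
    ret = snprintf(buf, len, "%s\n", val + 1);
    put_item(item);
    return ret;
}

/* After the fix: no early return, every path reaches put_item(). */
static int show_fixed(const char *raw, char *buf, size_t len)
{
    char *item = get_item(raw), *val;
    int ret = -EINVAL;
    if (!item) return -ENOMEM;
    val = strchr(item, ',');
    if (val && val != item && val[1])
        ret = snprintf(buf, len, "%s\n", val + 1);
    put_item(item);
    return ret;
}

/* Read a constructed malformed item n times; return buffers still allocated. */
static long leaked(int (*show)(const char *, char *, size_t), int n)
{
    char buf[64];
    for (live = 0; n-- > 0; ) show("NoCommaHere", buf, sizeof buf);
    return live;
}
```

Calling `leaked(show_leaky, n)` leaves `n` buffers outstanding, one per read of the malformed item, while `leaked(show_fixed, n)` leaves none.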
Exploitation
This vulnerability is triggered when a user or process reads the current_value sysfs attribute for a think-lmi setting that returns a malformed string. No special privileges are required beyond the ability to read the sysfs file, which is typically accessible to unprivileged users on systems with the think-lmi driver loaded. The attack surface is local, as it requires access to the sysfs interface.
Impact
An attacker with local access can repeatedly trigger the memory leak by reading the malformed setting, potentially exhausting system memory over time. This could lead to denial of service (DoS) conditions, such as system instability or crashes due to memory exhaustion.
Mitigation
The fix was applied in the Linux kernel stable tree via commit b9396d991abe [1]. Users should update to a kernel package that includes this patch. No workaround is available other than applying the patch or unloading the think-lmi module if not needed.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
Patches (4)
b9396d991abe, 9071525bfcb1, 5f99014c19fa, a3c4c0530145
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (4)
News mentions (0)
No linked articles in our index yet.