CVE-2023-53858

In the Linux kernel, a memory leak vulnerability was found in the Samsung serial driver (samsung_tty). The function s3c24xx_serial_getclk() allocates a clock (clk) but does not properly free it if clk_get_rate() fails. This leads to a memory leak [1].

Root

Cause The issue occurs in the error handling path of s3c24xx_serial_getclk(). When clk_get_rate() returns an error, the allocated clock is not released, causing a leak of kernel memory. The fix adds the missing clk_put() call to properly free the clock in the error case [1][2][3].

Impact

An attacker with the ability to trigger the error path (e.g., by causing clk_get_rate() to fail) could exhaust kernel memory over time, potentially leading to a denial-of-service (DoS) condition. No other security impact beyond memory exhaustion is cited.

Mitigation

The vulnerability is fixed in Linux kernel stable updates. Users should apply the relevant patches. There is no known workaround for affected systems.