VYPR
Unrated severity · NVD Advisory · Published Dec 24, 2025 · Updated Apr 15, 2026

CVE-2023-54097

Description

In the Linux kernel, the following vulnerability has been resolved:

regulator: stm32-pwr: fix of_iomap leak

Smatch reports: drivers/regulator/stm32-pwr.c:166 stm32_pwr_regulator_probe() warn: 'base' from of_iomap() not released on lines: 151,166.

In stm32_pwr_regulator_probe(), base is not released when devm_kzalloc() fails to allocate memory or devm_regulator_register() fails to register a new regulator device, which may cause a leak.

To fix this issue, replace of_iomap() with devm_platform_ioremap_resource(). devm_platform_ioremap_resource() is a specialized function for platform devices. It allows 'base' to be automatically released whether the probe function succeeds or fails.

Besides, use IS_ERR(base) instead of !base as the return value of devm_platform_ioremap_resource() can either be a pointer to the remapped memory or an ERR_PTR() encoded error code if the operation fails.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In the Linux kernel driver stm32-pwr, a missing release of an of_iomap() mapping could cause a memory leak on probe failure.

CVE-2023-54097: Memory leak in stm32-pwr regulator driver

In the stm32_pwr_regulator_probe() function of the Linux kernel's STM32 power regulator driver, a memory leak occurs when of_iomap() is used to map device memory but the resulting base pointer is not released if certain subsequent allocations or registrations fail. Specifically, if devm_kzalloc() fails to allocate memory or devm_regulator_register() fails, the mapped I/O memory is never unmapped, causing a leak [1].

Exploitation and attack surface

This issue is a resource leak that triggers during driver probe. An attacker would need to cause the probe to fail—for example, by exhausting kernel memory or by interfering with regulator registration—while the driver is being loaded. Since this is a platform driver, it is typically loaded during boot or when a device is discovered; local access or the ability to trigger a probe failure is required. No authentication is explicitly needed, but the attack surface is limited to local or privileged contexts that can influence driver probing.

Impact

If an attacker can repeatedly force probe failures (e.g., by exhausting memory), the leak of the base mapping would gradually consume system memory, potentially leading to denial of service. The leak is limited to the I/O memory region mapped by of_iomap(), which is typically small, but repeated failures could accumulate.

Mitigation

The fix replaces of_iomap() with devm_platform_ioremap_resource(), which uses the device-managed resource framework so that the mapping is released automatically whether the probe function succeeds or fails. The patch also updates the error check to use IS_ERR(base) instead of !base, because devm_platform_ioremap_resource() returns an ERR_PTR()-encoded error code on failure. This fix has been applied to stable kernel trees (e.g., commits 0ad07e02be0d3f0d554653382ffe53ae4879378d and others) [1][2][3][4]. Users should update their kernel to a version containing one of these commits.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
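
The leak and the fix described above, reduced to a userspace C model (an added example, not the kernel driver's code or the upstream patch). Every `model_*` name, `fake_regs` and the counters are hypothetical stand-ins for `of_iomap()`, `devm_platform_ioremap_resource()`, `ERR_PTR()`/`IS_ERR()` and the driver core's devres cleanup after a failed probe.

```c
/* Userspace model, NOT kernel code; every model_* name is hypothetical. */
#include <errno.h>
#include <stdint.h>

static int live_mappings;           /* mappings currently held */
static char fake_regs[16];          /* constructed stand-in for the MMIO window */
struct model_dev { int managed; };  /* devres-tracked mappings on this device */

/* ERR_PTR()/IS_ERR() analogues: error codes occupy the top 4095 addresses. */
static void *model_err_ptr(long e) { return (void *)(intptr_t)e; }
static int model_is_err(const void *p) { return (uintptr_t)p >= (uintptr_t)-4095; }

/* of_iomap() analogue: caller owns the mapping and must unmap it. */
static void *model_iomap(void) { live_mappings++; return fake_regs; }
/* devm_platform_ioremap_resource() analogue: tracked on dev, ERR_PTR on error. */
static void *model_devm_ioremap(struct model_dev *dev, int fail) {
    if (fail)
        return model_err_ptr(-ENOMEM);
    live_mappings++;
    dev->managed++;
    return fake_regs;
}

/* Pre-fix shape: a later failure returns without unmapping base. */
static int probe_before(int fail_later) {
    void *base = model_iomap();
    if (!base)
        return -ENOMEM;
    return fail_later ? -ENOMEM : 0;  /* error return leaks base */
}

/* Post-fix shape: managed mapping, IS_ERR-style check instead of !base. */
static int probe_after(struct model_dev *dev, int fail_map, int fail_later) {
    void *base = model_devm_ioremap(dev, fail_map);
    if (model_is_err(base))
        return (int)(intptr_t)base;
    return fail_later ? -ENOMEM : 0;
}

/* Mappings still live after n probes that fail after the mapping step. */
int leaked_after_failed_probes(int n, int fixed) {
    struct model_dev dev = {0};
    live_mappings = 0;
    for (int i = 0; i < n; i++)
        if (fixed ? probe_after(&dev, 0, 1) : probe_before(1)) {
            live_mappings -= dev.managed;  /* driver core frees devres on failure */
            dev.managed = 0;
        }
    return live_mappings;
}
```

In the model, an encoded error pointer is non-NULL, which is why a `!base` check cannot detect a failed managed mapping.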
