VYPR
Unrated severity · NVD Advisory · Published Dec 30, 2025 · Updated Apr 15, 2026

CVE-2023-54230

Description

In the Linux kernel, the following vulnerability has been resolved:

amba: bus: fix refcount leak

commit 5de1540b7bc4 ("drivers/amba: create devices from device tree") increases the refcount of of_node but does not release it in amba_device_release, so there is a refcount leak. Use of_node_put to avoid the refcount leak.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A refcount leak in the Linux kernel's amba bus driver for device tree nodes can lead to memory resource exhaustion.

Vulnerability

Description

CVE-2023-54230 is a refcount leak vulnerability in the Linux kernel's AMBA bus driver. The commit 5de1540b7bc4 ("drivers/amba: create devices from device tree") introduced a code path that increases the reference count of the device tree node (of_node) but fails to decrement it in the amba_device_release function [1]. This oversight causes the reference count to remain elevated after the device is released, resulting in a memory leak of the device tree node object.

Exploitation

The vulnerability is triggered during the lifecycle of AMBA devices that are created from device tree entries. As these devices are added and removed, each time an AMBA device associated with a device tree node is released without properly putting the node, the reference count increments without a corresponding decrement. An attacker cannot directly trigger this from userspace without prerequisites, as the leak occurs through normal kernel device management; however, any system that dynamically adds/removes AMBA devices or uses device tree overlays could accumulate the leak over time.

Impact

Successful exploitation would result in gradual exhaustion of kernel memory due to the unreleased device tree node objects. Over an extended period of system uptime and repeated device hotplug operations, this could lead to denial of service (DoS) via memory exhaustion. The impact is limited to availability, with no evidence of privilege escalation or information disclosure. The vulnerability does not require special privileges to be triggered, as it arises from normal kernel operations.

Mitigation

The fix has been applied in upstream stable kernel commits [1][2][3][4], which add a call to of_node_put in amba_device_release to properly balance the reference count. Users are advised to update to a kernel version containing these commits or apply the respective stable backports. No workaround is available, and the issue does not appear on the CISA KEV list.
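A user-space model of the get/put imbalance and its fix, added here as an illustration; it is not the kernel's code. `struct node`, `node_get`, `node_put`, `device_create`, `release_leaky` and `release_fixed` are hypothetical stand-ins for the device tree node, `of_node_get`/`of_node_put`, the device-tree creation path and `amba_device_release`.

```c
#include <stdio.h>
#include <stdlib.h>

/* User-space stand-in for a device tree node; only the refcount is modelled. */
struct node { int refcount; };

/* Stand-in for a device that holds a counted reference to its node. */
struct device { struct node *of_node; };
static struct node *node_get(struct node *n) { if (n) n->refcount++; return n; }
static void node_put(struct node *n) { if (n) n->refcount--; }

/* Creation path: takes a reference on the node it is created from. */
static struct device *device_create(struct node *n)
{
    struct device *d = calloc(1, sizeof(*d));
    if (!d)
        return NULL;
    d->of_node = node_get(n);
    return d;
}

/* Release before the fix: frees the device, never drops the node reference. */
static void release_leaky(struct device *d) { free(d); }

/* Release after the fix: drop the node reference, then free the device. */
static void release_fixed(struct device *d)
{
    node_put(d->of_node);
    free(d);
}

/* Run create/release cycles; return how many references were left behind. */
static int leaked_refs(int cycles, void (*release)(struct device *))
{
    struct node n = { .refcount = 1 };   /* reference held by the tree itself */
    for (int i = 0; i < cycles; i++) {
        struct device *d = device_create(&n);
        if (d)
            release(d);
    }
    return n.refcount - 1;
}

int main(void)
{
    printf("leaky release: %d leaked refs\n", leaked_refs(1000, release_leaky));
    printf("fixed release: %d leaked refs\n", leaked_refs(1000, release_fixed));
    return 0;
}
```

In the model, as in the description, a node whose count never returns to its baseline can never be freed, so the leak grows by one reference per create/release cycle.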

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
