CVE-2023-54301

This vulnerability is a resource leak in the Linux kernel's 8250_bcm7271 serial driver. The function brcmuart_probe() acquires a clock (baud_mux_clk) via clk_prepare_enable(), but fails to release it on certain error paths (specifically line 1032, as reported by Smatch). This results in the clock remaining enabled and prepared even after probe failure, causing a resource leak and potentially preventing proper power management or subsequent probe attempts.

The leak occurs when an error is encountered during probe after the clock has been successfully enabled. The fix, introduced in commit 5258395e67fee6929fb8e50c8239f8de51b8cb2d, replaces the manual clock management with a managed clock (devm_clk_get_enabled()), ensuring that the clock is automatically disabled and unprepared when the device is removed or if probe fails, eliminating the leak [1].

The impact of this vulnerability is limited to systems using the Broadcom 7271 serial controller. An attacker would need local access to trigger the probe error path, for example by causing a device binding failure. The issue primarily affects system stability and resource availability, rather than enabling remote code execution or privilege escalation.

The fix has been merged into the Linux kernel stable tree [1][2]. Users are advised to update their kernel to include the commit 2a3e5f428fc4315be6144524912eaefac16f43a9 or later to ensure the leak is resolved.