CVE-2023-52520

Advisory lineage Upstream: 0 Downstream: 11

Downstream

DEBIAN-CVE-2023-52520 RHSA-2024:3618 RHSA-2024:3627 RHSA-2024:9315 RHSA-2025:2490 SUSE-SU-2024:1320-1

Analyzed

Published: 02 Mar 2024, 21:52

Last modified:11 May 2026, 19:28

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.5 MEDIUM

v3.1 (nvd)

EPSS Score

0.01% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

02 Mar 2024, 21:52

Published

Vulnerability first disclosed

11 May 2026, 19:28

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix reference leak If a duplicate attribute is found using kset_find_obj(), a reference to that attribute is returned which needs to be disposed accordingly using kobject_put(). Move the setting name validation into a separate function to allow for this change without having to duplicate the cleanup code for this setting. As a side note, a very similar bug was fixed in commit 7295a996fdab ("platform/x86: dell-sysman: Fix reference leak"), so it seems that the bug was copied from that driver. Compile-tested only.

CVSS Metrics

v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.01%• Percentile: 3%

Affected Systems

linux•linux
≥ 1bcad8e510b27ad843315ab2c27ccf459e3acded, < 124cf0ea4b82e1444ec8c7420af4e7db5558c293 | ≥ 1bcad8e510b27ad843315ab2c27ccf459e3acded, < af21c9119a37cecb7ff27ce0c2f3cf721e9d0ec4 | ≥ 1bcad8e510b27ad843315ab2c27ccf459e3acded, < c6e3023579de8d33256771ac0745239029e81106 | ≥ 1bcad8e510b27ad843315ab2c27ccf459e3acded, < 528ab3e605cabf2f9c9bd5944d3bfe15f6e94f81 | 5.14
linux•linux_kernel
≥ 5.14, < 5.15.136 | ≥ 5.16, < 6.1.59 | ≥ 6.2, < 6.5.8 | 6.6:rc1 | 6.6:rc2 | 6.6:rc3 | 6.6:rc4