View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2023-54259 severity moderate: SUSE including 26 source package names (cluster-md-kmp-default, dlm-kmp-default, …), 268 product×package rows across 55 product lines (SLES-LTSS-TERADATA 15 SP2, SUSE Linux Enterprise High Availability Extension 15 SP3, … (55 product lines)): Known Not Affected 268.
In the Linux kernel, the following vulnerability has been resolved: soundwire: bus: Fix unbalanced pm_runtime_put() causing usage count underflow This reverts commit 443a98e649b4 ("soundwire: bus: use pm_runtime_resume_and_get()") Change calls to pm_runtime_resume_and_get() back to pm_runtime_get_sync(). This fixes a usage count underrun caused by doing a pm_runtime_put() even though pm_runtime_resume_and_get() returned an error. The three affected functions ignore -EACCES error from trying to get pm_runtime, and carry on, including a put at the end of the function. But pm_runtime_resume_and_get() does not increment the usage count if it returns an error. So in the -EACCES case you must not call pm_runtime_put(). The documentation for pm_runtime_get_sync() says: "Consider using pm_runtime_resume_and_get() ... as this is likely to result in cleaner code." In this case I don't think it results in cleaner code because the pm_runtime_put() at the end of the function would have to be conditional on the return value from pm_runtime_resume_and_get() at the top of the function. pm_runtime_get_sync() doesn't have this problem because it always increments the count, so always needs a put. The code can just flow through and do the pm_runtime_put() unconditionally.