{"id":"CVE-2023-53596","summary":"drivers: base: Free devm resources when unregistering a device","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: base: Free devm resources when unregistering a device\n\nIn the current code, devres_release_all() only gets called if the device\nhas a bus and has been probed.\n\nThis leads to issues when using bus-less or driver-less devices where\nthe device might never get freed if a managed resource holds a reference\nto the device. This is happening in the DRM framework for example.\n\nWe should thus call devres_release_all() in the device_del() function to\nmake sure that the device-managed actions are properly executed when the\ndevice is unregistered, even if it has neither a bus nor a driver.\n\nThis is effectively the same change than commit 2f8d16a996da (\"devres:\nrelease resources on device_del()\") that got reverted by commit\na525a3ddeaca (\"driver core: free devres in device_release\") over\nmemory leaks concerns.\n\nThis patch effectively combines the two commits mentioned above to\nrelease the resources both on device_del() and device_release() and get\nthe best of both worlds.","modified":"2026-04-11T12:46:50.069564Z","published":"2025-10-04T15:44:08.942Z","related":["SUSE-SU-2025:21040-1","SUSE-SU-2025:21052-1","SUSE-SU-2025:21056-1","SUSE-SU-2025:21064-1","SUSE-SU-2025:4057-1","SUSE-SU-2025:4128-1","SUSE-SU-2025:4132-1","SUSE-SU-2025:4140-1","SUSE-SU-2025:4141-1","SUSE-SU-2025:4189-1","SUSE-SU-2025:4301-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53596.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/297992e5c63528e603666e36081836204fc36ec9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3bcc4c2a096e8342c8c719e595ce15de212694dd"},{"type":"WEB","url":"https://git.kernel.org/stable/c/699fb50d99039a50e7494de644f96c889279aca3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c8c426fae26086a0ca8ab6cc6da2de79810ec038"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53596.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53596"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"a525a3ddeaca69f405d98442ab3c0746e53168dc"},{"fixed":"297992e5c63528e603666e36081836204fc36ec9"},{"fixed":"3bcc4c2a096e8342c8c719e595ce15de212694dd"},{"fixed":"c8c426fae26086a0ca8ab6cc6da2de79810ec038"},{"fixed":"699fb50d99039a50e7494de644f96c889279aca3"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53596.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"3.7.0"},{"fixed":"6.1.53"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.4.16"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.5.0"},{"fixed":"6.5.3"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53596.json"}}],"schema_version":"1.7.5"}