CVE-2023-54075 in Linux
Summary
by MITRE • 12/24/2025
In the Linux kernel, the following vulnerability has been resolved:
ASoC: mediatek: common: Fix refcount leak in parse_dai_link_info
Add missing of_node_put()s before the returns to balance of_node_get()s and of_node_put()s, which may get unbalanced in case the for loop 'for_each_available_child_of_node' returns early.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 01/02/2026
This vulnerability resides within the Linux kernel's sound subsystem specifically in the mediatek audio driver component known as ASoC. The issue manifests as a reference count leak that occurs during the parsing of dai link information through the device tree interface. The flaw is particularly significant because it affects how the kernel manages device tree node references during audio subsystem initialization. The vulnerability is categorized under CWE-404 as an improper resource management issue, specifically dealing with reference counting mechanisms that should maintain balanced acquisition and release operations.
The technical implementation flaw occurs in the parse_dai_link_info function where the code uses of_node_get() to increment the reference count of device tree nodes when iterating through available child nodes using for_each_available_child_of_node loop. However, when the loop exits early due to certain conditions or errors, the corresponding of_node_put() calls that should decrement these reference counts are not executed before returning from the function. This creates an imbalance in the reference counting mechanism that leads to memory leaks and potential resource exhaustion over time. The issue directly impacts the kernel's device tree parsing functionality and can be traced back to improper error handling within the loop structure.
The operational impact of this vulnerability extends beyond simple memory leaks as it affects the stability and reliability of audio subsystems on devices using MediaTek chipsets. When the reference counting becomes unbalanced, it can lead to memory consumption issues that may eventually cause system instability or performance degradation. The vulnerability is particularly concerning in embedded systems and mobile devices where memory resources are constrained and proper resource management is critical for system operation. Attackers could potentially exploit this leak to cause denial of service conditions by repeatedly triggering the affected code path, leading to progressive memory exhaustion that impacts system functionality.
Mitigation strategies for this vulnerability involve ensuring that all device tree node references are properly balanced through the addition of missing of_node_put() calls before every return statement within the affected function. The fix requires careful code review and modification to guarantee that every of_node_get() operation has a corresponding of_node_put() call regardless of the execution path taken. System administrators should apply the kernel patches that address this specific reference counting issue, and organizations using MediaTek-based audio systems should prioritize updating their kernel versions to include this fix. The vulnerability demonstrates the importance of proper resource management in kernel space code and aligns with ATT&CK technique T1070.004 for bypassing security controls through resource exhaustion attacks.