CVE-2023-52937

Summary

In the Linux kernel, the following vulnerability has been resolved:

HV: hv_balloon: fix memory leak with using debugfs_lookup()

When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxd180e0a1be6cea2b7436fadbd1c96aecdf3c46c7 < 0b570a059cf42ad6e2eb632f47c23813d58d8303affected
LinuxLinuxd180e0a1be6cea2b7436fadbd1c96aecdf3c46c7 < 6dfb0771429a63db8561d44147f2bb76f93e1c86affected
LinuxLinux6.0affected
LinuxLinux0 < 6.0unaffected
LinuxLinux6.1.11 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References