CVE-2023-53279

Summary

In the Linux kernel, the following vulnerability has been resolved:

misc: vmw_balloon: fix memory leak with using debugfs_lookup()

When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux37b85bd5f20cbe28140d370a840738b6f2e85cbf < b94b39bf3d545671f210a2257d18e33c8b874699affected
LinuxLinux37b85bd5f20cbe28140d370a840738b6f2e85cbf < d1c545e44c1ec08bef0c0c14e632eec516431e9caffected
LinuxLinux37b85bd5f20cbe28140d370a840738b6f2e85cbf < f7651fa88b17c2d7af949981a2423179db5e9453affected
LinuxLinux37b85bd5f20cbe28140d370a840738b6f2e85cbf < 209cdbd07cfaa4b7385bad4eeb47e5ec1887d33daffected
LinuxLinux5.13affected
LinuxLinux0 < 5.13unaffected
LinuxLinux5.15.100 <= 5.15.*unaffected
LinuxLinux6.1.18 <= 6.1.*unaffected
LinuxLinux6.2.5 <= 6.2.*unaffected
LinuxLinux6.3 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References