CVE-2023-53330

Summary

In the Linux kernel, the following vulnerability has been resolved:

caif: fix memory leak in cfctrl_linkup_request()

When linktype is unknown or kzalloc failed in cfctrl_linkup_request(), pkt is not released. Add release process to error path.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxb482cd2053e3b90a7b33a78c63cdb6badf2ec383 < badea57569db04b010e922e29a7aaf40a979a70baffected
LinuxLinuxb482cd2053e3b90a7b33a78c63cdb6badf2ec383 < 3acf3783a84cbdf0c9f8cf2f32ee9c49af93a2daaffected
LinuxLinuxb482cd2053e3b90a7b33a78c63cdb6badf2ec383 < 33df9c5d5e2a18c70f5f5f3c2757d654c1b6ffa3affected
LinuxLinuxb482cd2053e3b90a7b33a78c63cdb6badf2ec383 < 84b2cc7b36b7f6957d307fb3d01603f93cb2d655affected
LinuxLinuxb482cd2053e3b90a7b33a78c63cdb6badf2ec383 < dc1bc903970bdf63ca40ab923d3ccb765da9a8d9affected
LinuxLinuxb482cd2053e3b90a7b33a78c63cdb6badf2ec383 < 1dddeceb26002cfea4c375e92ac6498768dc7349affected
LinuxLinuxb482cd2053e3b90a7b33a78c63cdb6badf2ec383 < 3ad47c8aa5648226184415e4a0cb1bf67ffbfd48affected
LinuxLinuxb482cd2053e3b90a7b33a78c63cdb6badf2ec383 < fe69230f05897b3de758427b574fc98025dfc907affected
LinuxLinux2.6.35affected
LinuxLinux0 < 2.6.35unaffected
LinuxLinux4.14.303 <= 4.14.*unaffected
LinuxLinux4.19.270 <= 4.19.*unaffected
LinuxLinux5.4.229 <= 5.4.*unaffected
LinuxLinux5.10.163 <= 5.10.*unaffected
LinuxLinux5.15.87 <= 5.15.*unaffected
LinuxLinux6.0.19 <= 6.0.*unaffected
LinuxLinux6.1.5 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References