CVE-2023-53346

Summary

In the Linux kernel, the following vulnerability has been resolved:

kernel/fail_function: fix memory leak with using debugfs_lookup()

When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux4b1a29a7f5425d32640b34b8a755f34e02f64d0f < f6d3aee1c66358471275df9dddd480010f061b0eaffected
LinuxLinux4b1a29a7f5425d32640b34b8a755f34e02f64d0f < dd9981a11d74ff2eb253bb5c459876f8bd3c6c36affected
LinuxLinux4b1a29a7f5425d32640b34b8a755f34e02f64d0f < bb99db06b8b6ce9351633fc61bec9919d8f6f52baffected
LinuxLinux4b1a29a7f5425d32640b34b8a755f34e02f64d0f < 29d53c4c5a6f6d2b93aaac95b65cb4c907faf2ffaffected
LinuxLinux4b1a29a7f5425d32640b34b8a755f34e02f64d0f < 94f68f3e059c478e240f65fcb64746fe371295dfaffected
LinuxLinux4b1a29a7f5425d32640b34b8a755f34e02f64d0f < 2bb3669f576559db273efe49e0e69f82450efbcaaffected
LinuxLinux4.16affected
LinuxLinux0 < 4.16unaffected
LinuxLinux5.4.235 <= 5.4.*unaffected
LinuxLinux5.10.173 <= 5.10.*unaffected
LinuxLinux5.15.100 <= 5.15.*unaffected
LinuxLinux6.1.18 <= 6.1.*unaffected
LinuxLinux6.2.5 <= 6.2.*unaffected
LinuxLinux6.3 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References