CVE-2023-53355

Summary

In the Linux kernel, the following vulnerability has been resolved:

staging: pi433: fix memory leak with using debugfs_lookup()

When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once. This requires saving off the root directory dentry to make creation of individual device subdirectories easier.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux874bcba65f9a3a2a304b5f520529c046887c3cdc < 04f3cda40e9f6653ae15ed3fcf26ef2860f4df66affected
LinuxLinux874bcba65f9a3a2a304b5f520529c046887c3cdc < bb16f3102607b69e1a0233f4b73c6e337f86ef8daffected
LinuxLinux874bcba65f9a3a2a304b5f520529c046887c3cdc < 2f36e789e540df6a9fbf471b3a2ba62a8b361586affected
LinuxLinux4.14affected
LinuxLinux0 < 4.14unaffected
LinuxLinux6.1.18 <= 6.1.*unaffected
LinuxLinux6.2.5 <= 6.2.*unaffected
LinuxLinux6.3 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References