CVE-2023-53403

Summary

In the Linux kernel, the following vulnerability has been resolved:

time/debug: Fix memory leak with using debugfs_lookup()

When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux44511ab344c755d1f216bf421e92fbc2777e87fe < dc39fbd865a9819db4b622f610ba17b2ebc294f4affected
LinuxLinux44511ab344c755d1f216bf421e92fbc2777e87fe < 15cffd01ed80e3506e29ba9f441e2358413b7317affected
LinuxLinux44511ab344c755d1f216bf421e92fbc2777e87fe < b588b42d077ce93c98704b41003bcec6a564b738affected
LinuxLinux44511ab344c755d1f216bf421e92fbc2777e87fe < 5b268d8abaec6cbd4bd70d062e769098d96670aaaffected
LinuxLinux5.13affected
LinuxLinux0 < 5.13unaffected
LinuxLinux5.15.99 <= 5.15.*unaffected
LinuxLinux6.1.16 <= 6.1.*unaffected
LinuxLinux6.2.3 <= 6.2.*unaffected
LinuxLinux6.3 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References