CVE-2023-53414

Summary

In the Linux kernel, the following vulnerability has been resolved:

scsi: snic: Fix memory leak with using debugfs_lookup()

When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1be4ec2456a7d110092ad8cc918eef75b878ec4e < 5a46d8bdaf03e8a4bb83f0c363326d9aa66cc122affected
LinuxLinux1be4ec2456a7d110092ad8cc918eef75b878ec4e < 3dec769caf337c55814fbf79ec8c91a3cce23bf3affected
LinuxLinux1be4ec2456a7d110092ad8cc918eef75b878ec4e < 995424f59ab52fb432b26ccb3abced63745ea041affected
LinuxLinux1be4ec2456a7d110092ad8cc918eef75b878ec4e < ad0e4e2fab928477f74d742e6e77d79245d3d3e7affected
LinuxLinux5.14affected
LinuxLinux0 < 5.14unaffected
LinuxLinux5.15.99 <= 5.15.*unaffected
LinuxLinux6.1.16 <= 6.1.*unaffected
LinuxLinux6.2.3 <= 6.2.*unaffected
LinuxLinux6.3 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References