CVE-2023-53174Missing Release of Memory after Effective Lifetime in Linux

CWE-401Missing Release of Memory after Effective LifetimeCWE-772Missing Release of Resource after Effective Lifetime5 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 95.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedSep 15

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix possible memory leak if device_add() fails If device_add() returns error, the name allocated by dev_set_name() needs be freed. As the comment of device_add() says, put_device() should be used to decrease the reference count in the error path. So fix this by calling put_device(), then the name can be freed in kobject_cleanp().

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

NVDlinux/linux_kernel2.6.264.14.323+7
Debianlinux/linux_kernel< 5.10.191-1+3
CVEListV5linux/linuxee959b00c335d7780136c5abda37809191fe52c363956ad27a6882f01fea7c69e17823090f4c7b3f+8
debiandebian/linux< linux 6.1.52-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
OSV
CVE-2023-53174: In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix possible memory leak if device_add() fails If device_add() returns2025-09-15
GHSA
GHSA-23fg-w3cv-jf6w: In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix possible memory leak if device_add() fails If device_add() retur2025-09-15

📋Vendor Advisories

2
Red Hat
kernel: scsi: core: Fix possible memory leak if device_add() fails2025-09-15
Debian
CVE-2023-53174: linux - In the Linux kernel, the following vulnerability has been resolved: scsi: core:...2023
CVE-2023-53174 — Linux vulnerability | cvebase