CVE-2023-53303Missing Release of Memory after Effective Lifetime in Linux

CWE-401Missing Release of Memory after Effective Lifetime5 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 94.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedSep 16

Description

In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap api: Fix possible memory leak for vcap_dup_rule() Inject fault When select CONFIG_VCAP_KUNIT_TEST, the below memory leak occurs. If kzalloc() for duprule succeeds, but the following kmemdup() fails, the duprule, ckf and caf memory will be leaked. So kfree them in the error path. unreferenced object 0xffff122744c50600 (size 192): comm "kunit_try_catch", pid 346, jiffies 4294896122 (age 911.812s) hex dump (

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

NVDlinux/linux_kernel6.36.5.4+1
Debianlinux/linux_kernel< 6.5.6-1+1
CVEListV5linux/linux814e7693207f1bd936d600f9b5467f133e3d6e40a26ba60413b2c8f95daf0ee0152cf82abd7bfbe4+2
debiandebian/linux< linux 6.5.6-1 (forky)

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
GHSA
GHSA-7vg2-vv5h-q272: In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap api: Fix possible memory leak for vcap_dup_rule() Inject fa2025-09-16
OSV
CVE-2023-53303: In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap api: Fix possible memory leak for vcap_dup_rule() Inject faul2025-09-16

📋Vendor Advisories

2
Red Hat
kernel: net: microchip: vcap api: Fix possible memory leak for vcap_dup_rule()2025-09-16
Debian
CVE-2023-53303: linux - In the Linux kernel, the following vulnerability has been resolved: net: microc...2023
CVE-2023-53303 — Linux vulnerability | cvebase