CVE-2023-53349: Missing Release of Memory after Effective Lifetime in Linux

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.0% (top 95.84%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 17

Description

In the Linux kernel, the following vulnerability has been resolved:

media: ov2740: Fix memleak in ov2740_init_controls()

There is a kmemleak when testing the media/i2c/ov2740.c with bpf mock device:

unreferenced object 0xffff8881090e19e0 (size 16):
  comm "51-i2c-ov2740", pid 278, jiffies 4294781584 (age 23.613s)
  hex dump (first 16 bytes):
    00 f3 7c 0b 81 88 ff ff 80 75 6a 09 81 88 ff ff  ..|......uj.....
  backtrace:
    [] __kmalloc_node+0x44/0x1b0
    [] kvmalloc_node+0x34/0x180
    [] v4l2_ctrl_handler_ini

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (4 packages)

NVD  linux/linux_kernel  5.8  5.10.173  +3
Debian  linux/linux_kernel  < 5.10.178-1  +3
CVEListV5  linux/linux  866edc895171f1256aad3e81dce193447955c202  a163ee11345d8322321c28bd61631de32455b987  +5
debian  debian/linux  < linux 6.1.20-1 (bookworm)

Patches

🔴 Vulnerability Details (2)

GHSA
GHSA-8g4h-m7m7-62x8: In the Linux kernel, the following vulnerability has been resolved: media: ov2740: Fix memleak in ov2740_init_controls() There is a kmemleak when te (2025-09-17)
OSV
CVE-2023-53349: In the Linux kernel, the following vulnerability has been resolved: media: ov2740: Fix memleak in ov2740_init_controls() There is a kmemleak when test (2025-09-17)

📋 Vendor Advisories (2)

Red Hat
kernel: media: ov2740: Fix memleak in ov2740_init_controls() (2025-09-17)
Debian
CVE-2023-53349: linux - In the Linux kernel, the following vulnerability has been resolved: media: ov27... (2023)