CVE-2023-53353Missing Release of Memory after Effective Lifetime in Linux

CWE-401Missing Release of Memory after Effective Lifetime6 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 94.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
LinuxLinux KernelDebian Linux+3 more
Timeline
PublishedSep 17

Description

In the Linux kernel, the following vulnerability has been resolved: accel/habanalabs: postpone mem_mgr IDR destruction to hpriv_release() The memory manager IDR is currently destroyed when user releases the file descriptor. However, at this point the user context might be still held, and memory buffers might be still in use. Later on, calls to release those buffers will fail due to not finding their handles in the IDR, leading to a memory leak. To avoid this leak, split the IDR destruction fro

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages7 packages

NVDlinux/linux_kernel5.16.3.4
Debianlinux/linux_kernel< 6.3.7-1+1
CVEListV5linux/linux0feaf86d4e69507ab9b2af7dcc63a6886352d5db840de329ca99cafd0cdde9c6ac160b1330942aba+2
debiandebian/linux< linux 6.3.7-1 (forky)

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
GHSA
GHSA-6pw4-v52h-38vj: In the Linux kernel, the following vulnerability has been resolved: accel/habanalabs: postpone mem_mgr IDR destruction to hpriv_release() The memory2025-09-17
OSV
CVE-2023-53353: In the Linux kernel, the following vulnerability has been resolved: accel/habanalabs: postpone mem_mgr IDR destruction to hpriv_release() The memory m2025-09-17

📋Vendor Advisories

3
Red Hat
kernel: accel/habanalabs: postpone mem_mgr IDR destruction to hpriv_release()2025-09-17
Microsoft
accel/habanalabs: postpone mem_mgr IDR destruction to hpriv_release()2025-09-09
Debian
CVE-2023-53353: linux - In the Linux kernel, the following vulnerability has been resolved: accel/haban...2023
CVE-2023-53353 — Linux vulnerability | cvebase