CVE-2023-53355Missing Release of Memory after Effective Lifetime in Linux

CWE-401Missing Release of Memory after Effective Lifetime6 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 96.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
LinuxLinux KernelDebian Linux+3 more
Timeline
PublishedSep 17

Description

In the Linux kernel, the following vulnerability has been resolved: staging: pi433: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once. This requires saving off the root directory dentry to make creation of individual device subdirectories easier.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages7 packages

NVDlinux/linux_kernel4.146.1.18+1
Debianlinux/linux_kernel< 6.1.20-1+2
CVEListV5linux/linux874bcba65f9a3a2a304b5f520529c046887c3cdc04f3cda40e9f6653ae15ed3fcf26ef2860f4df66+3
debiandebian/linux< linux 6.1.20-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
GHSA
GHSA-gr54-f9vx-r2h8: In the Linux kernel, the following vulnerability has been resolved: staging: pi433: fix memory leak with using debugfs_lookup() When calling debugfs2025-09-17
OSV
CVE-2023-53355: In the Linux kernel, the following vulnerability has been resolved: staging: pi433: fix memory leak with using debugfs_lookup() When calling debugfs_l2025-09-17

📋Vendor Advisories

3
Red Hat
kernel: staging: pi433: fix memory leak with using debugfs_lookup()2025-09-17
Microsoft
staging: pi433: fix memory leak with using debugfs_lookup()2025-09-09
Debian
CVE-2023-53355: linux - In the Linux kernel, the following vulnerability has been resolved: staging: pi...2023
CVE-2023-53355 — Linux vulnerability | cvebase