CVE-2023-53375 — Missing Release of Memory after Effective Lifetime in Linux
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 95.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 18
Description
In the Linux kernel, the following vulnerability has been resolved:
tracing: Free error logs of tracing instances
When a tracing instance is removed, the error messages that hold errors
that occurred in the instance needs to be freed. The following reports a
memory leak:
# cd /sys/kernel/tracing
# mkdir instances/foo
# echo 'hist:keys=x' > instances/foo/events/sched/sched_switch/trigger
# cat instances/foo/error_log
[ 117.404795] hist:sched:sched_switch: error: Couldn't find field
Command: hi…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages4 packages
▶CVEListV5linux/linux2f754e771b1a6feba670782e82c45555984ac43b — 987f599fc556a4e64c405d8dde32c70311e8c278+6
Patches
🔴Vulnerability Details
2GHSA▶
GHSA-gqg7-c937-vcqh: In the Linux kernel, the following vulnerability has been resolved:
tracing: Free error logs of tracing instances
When a tracing instance is removed↗2025-09-18
OSV▶
CVE-2023-53375: In the Linux kernel, the following vulnerability has been resolved: tracing: Free error logs of tracing instances When a tracing instance is removed,↗2025-09-18
📋Vendor Advisories
2💬Community
1Bugzilla▶
CVE-2023-53375 kernel: Linux kernel: Memory leak in tracing error log management causes denial of service↗2025-09-18