CVE-2023-53396 — Missing Release of Memory after Effective Lifetime in Linux
Severity
5.5 MEDIUM (NVD)
EPSS
0.0%
top 95.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Sep 18
Description
In the Linux kernel, the following vulnerability has been resolved:
ubifs: Fix memory leak in do_rename
If renaming a file in an encrypted directory, function
fscrypt_setup_filename allocates memory for a file name. This name is
never used, and before returning to the caller the memory for it is not
freed.
When running kmemleak on it we see that it is registered as a leak. The
report below is triggered by a simple program 'rename' that renames a
file in an encrypted directory:
unreferenced o…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6
Affected Packages (4 packages)
CVEListV5: linux/linux c67bc98d1f0853bb196e9c48eab38b6f2ddab795 — 43b2f7d690697182beed6f71aa57b7249d3cfc9c +7
Patches
Vulnerability Details (2)
OSV
CVE-2023-53396: In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix memory leak in do_rename If renaming a file in an encrypted directory, (2025-09-18)
GHSA
GHSA-427x-59vx-vjwq: In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix memory leak in do_rename If renaming a file in an encrypted directory (2025-09-18)
Vendor Advisories (2)
Community (1)
Bugzilla
CVE-2023-53396 kernel: Linux kernel: Memory leak leading to denial of service via renaming a file in an encrypted directory (2025-09-18)