CVE-2023-53415Missing Release of Memory after Effective Lifetime in Linux

CWE-401Missing Release of Memory after Effective LifetimeCWE-772Missing Release of Resource after Effective Lifetime5 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 95.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedSep 18

Description

In the Linux kernel, the following vulnerability has been resolved: USB: dwc3: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once. Note, the root dentry for the debugfs directory for the device needs to be saved so we don't have to keep looking it up, which required a bit more ref

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

NVDlinux/linux_kernel5.166.1.18+2
Debianlinux/linux_kernel< 6.1.20-1+2
CVEListV5linux/linux8d396bb0a5b62b326f6be7594d8bd46b088296bdcf52c320cf74245ce1c12b0bd48f77b87d77fbc9+8
debiandebian/linux< linux 6.1.20-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
OSV
CVE-2023-53415: In the Linux kernel, the following vulnerability has been resolved: USB: dwc3: fix memory leak with using debugfs_lookup() When calling debugfs_lookup2025-09-18
GHSA
GHSA-gw7v-q6j5-h9mv: In the Linux kernel, the following vulnerability has been resolved: USB: dwc3: fix memory leak with using debugfs_lookup() When calling debugfs_look2025-09-18

📋Vendor Advisories

2
Red Hat
kernel: USB: dwc3: fix memory leak with using debugfs_lookup()2025-09-18
Debian
CVE-2023-53415: linux - In the Linux kernel, the following vulnerability has been resolved: USB: dwc3: ...2023
CVE-2023-53415 — Linux vulnerability | cvebase