CVE-2023-53436 — Missing Release of Memory after Effective Lifetime in Linux

CWE-401 — Missing Release of Memory after Effective Lifetime5 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 95.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedSep 18

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: snic: Fix possible memory leak if device_add() fails If device_add() returns error, the name allocated by dev_set_name() needs be freed. As the comment of device_add() says, put_device() should be used to give up the reference in the error path. So fix this by calling put_device(), then the name can be freed in kobject_cleanp().

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶NVDlinux/linux_kernel4.2 — 4.14.323+7

▶Debianlinux/linux_kernel< 5.10.191-1+3

▶CVEListV5linux/linuxc8806b6c9e824f47726f2a9b7fbbe7ebf19306fa — 789275f7c0544374d40bc8d9c81f96751a41df45+8

▶debiandebian/linux< linux 6.1.52-1 (bookworm)

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

CVE-2023-53436: In the Linux kernel, the following vulnerability has been resolved: scsi: snic: Fix possible memory leak if device_add() fails If device_add() returns↗2025-09-18

▶

GHSA

GHSA-vm7p-qhqq-3564: In the Linux kernel, the following vulnerability has been resolved: scsi: snic: Fix possible memory leak if device_add() fails If device_add() retur↗2025-09-18

▶

📋Vendor Advisories

Red Hat

kernel: scsi: snic: Fix possible memory leak if device_add() fails↗2025-09-18

▶

Debian

CVE-2023-53436: linux - In the Linux kernel, the following vulnerability has been resolved: scsi: snic:...↗2023

▶