CVE-2023-53594: Missing Release of Memory after Effective Lifetime in Linux

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.0% (top 96.90%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 4

Description

In the Linux kernel, the following vulnerability has been resolved:

driver core: fix resource leak in device_add()

When calling kobject_add() failed in device_add(), it will call cleanup_glue_dir() to free resource. But in kobject_add(), dev->kobj.parent has been set to NULL. This will cause resource leak.

The process is as follows:

device_add()
  get_device_parent()
    class_dir_create_and_add()
      kobject_add() //kobject_get()
      ...
  dev->kobj.parent = kobj;
  ...
  kobject_add() //failed, but set dev->ko

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (4 packages)

NVD | linux/linux_kernel | 3.10.105 – 3.11 | +5
Debian | linux/linux_kernel | < 6.1.20-1 | +2
CVEListV5 | linux/linux | cebf8fd16900fdfd58c0028617944f808f97fe50 – 8d389e363075c2e1deb84a560686ea92123e4b8b | +8
debian | debian/linux | < linux 6.1.20-1 (bookworm)

Patches

Vulnerability Details (2)

OSV (2025-10-04)
CVE-2023-53594: In the Linux kernel, the following vulnerability has been resolved: driver core: fix resource leak in device_add() When calling kobject_add() failed i
GHSA (2025-10-04)
GHSA-h86p-mcmj-rh92: In the Linux kernel, the following vulnerability has been resolved: driver core: fix resource leak in device_add() When calling kobject_add() failed

Vendor Advisories (2)

Red Hat (2025-10-04)
kernel: driver core: fix resource leak in device_add()
Debian (2023)
CVE-2023-53594: linux - In the Linux kernel, the following vulnerability has been resolved: driver core...