CVE-2023-53670Missing Release of Memory after Effective Lifetime in Linux

CWE-401Missing Release of Memory after Effective LifetimeCWE-772Missing Release of Resource after Effective Lifetime5 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 94.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedOct 7

Description

In the Linux kernel, the following vulnerability has been resolved: nvme-core: fix dev_pm_qos memleak Call dev_pm_qos_hide_latency_tolerance() in the error unwind patch to avoid following kmemleak:- blktests (master) # kmemleak-clear; ./check nvme/044; blktests (master) # kmemleak-scan ; kmemleak-show nvme/044 (Test bi-directional authentication) [passed] runtime 2.111s ... 2.124s unreferenced object 0xffff888110c46240 (size 96): comm "nvme", pid 33461, jiffies 4345365353 (age 75.586s) hex du

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

NVDlinux/linux_kernel6.06.1.39+2
Debianlinux/linux_kernel< 6.1.52-1+2
CVEListV5linux/linuxf50fff73d620cd6e8f48bc58d4f1c944615a3feae1379e067b9485e5af03399fe3f0d39bccb023ad+4
debiandebian/linux< linux 6.1.52-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
OSV
CVE-2023-53670: In the Linux kernel, the following vulnerability has been resolved: nvme-core: fix dev_pm_qos memleak Call dev_pm_qos_hide_latency_tolerance() in the2025-10-07
GHSA
GHSA-hjjv-g993-99j8: In the Linux kernel, the following vulnerability has been resolved: nvme-core: fix dev_pm_qos memleak Call dev_pm_qos_hide_latency_tolerance() in th2025-10-07

📋Vendor Advisories

2
Red Hat
kernel: nvme-core: fix dev_pm_qos memleak2025-10-07
Debian
CVE-2023-53670: linux - In the Linux kernel, the following vulnerability has been resolved: nvme-core: ...2023