CVE-2023-53716: Missing Release of Resource after Effective Lifetime in Linux

Severity: 5.5 MEDIUM (No vector)
EPSS: 0.0% (top 88.01%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 22

Description

In the Linux kernel, the following vulnerability has been resolved:

net: fix skb leak in __skb_tstamp_tx()

Commit 50749f2dd685 ("tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp.") added a call to skb_orphan_frags_rx() to fix leaks with zerocopy skbs. But it ended up adding a leak of its own. When skb_orphan_frags_rx() fails, the function just returns, leaking the skb it just cloned. Free it before returning.

This bug was discovered and resolved using Coverity Static Analysis S

Affected Packages (4 packages)

Linux: linux/linux_kernel 4.14.315 4.14.316 +6
Debian: linux/linux_kernel < 5.10.191-1 +3
CVEListV5: linux/linux 281072fb2a7294cde7acbf5375b879f40a8001b7 82501f1ead557cbee1c2467654ec109a80334d22 +15
debian: debian/linux < linux 6.1.37-1 (bookworm)

Vulnerability Details (3)

OSV: net: fix skb leak in __skb_tstamp_tx() (2025-10-22)
GHSA: GHSA-rxxr-3f5p-3hc6: In the Linux kernel, the following vulnerability has been resolved: net: fix skb leak in __skb_tstamp_tx() Commit 50749f2dd685 ("tcp/udp: Fix memlea (2025-10-22)
OSV: CVE-2023-53716: In the Linux kernel, the following vulnerability has been resolved: net: fix skb leak in __skb_tstamp_tx() Commit 50749f2dd685 ("tcp/udp: Fix memleaks (2025-10-22)

Vendor Advisories (2)

Red Hat: kernel: Linux kernel: Network subsystem memory leak (2025-10-22)
Debian: CVE-2023-53716: linux - In the Linux kernel, the following vulnerability has been resolved: net: fix sk... (2023)