CVE-2023-53720 — Missing Release of Resource after Effective Lifetime in Linux

CWE-772 — Missing Release of Resource after Effective Lifetime6 documents5 sources

Severity

4.1MEDIUM

No vector

EPSS

0.0%

top 92.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedOct 22

Description

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Release the label when replacing existing ct entry Cited commit doesn't release the label mapping when replacing existing ct entry which leads to following memleak report: unreferenced object 0xffff8881854cf280 (size 96): comm "kworker/u48:74", pid 23093, jiffies 4296664564 (age 175.944s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 …

Affected Packages3 packages

▶Linuxlinux/linux_kernel6.3.0 — 6.3.2

▶CVEListV5linux/linux94ceffb48eac7692677d8093dcde6965b70c4b35 — 3db903a71f1f4bbf30baae166a4a49f2e8aceb61+2

▶debiandebian/linux

🔴Vulnerability Details

OSV

CVE-2023-53720: In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Release the label when replacing existing ct entry Cited commit doesn't↗2025-10-22

▶

GHSA

GHSA-2q63-477w-qcv2: In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Release the label when replacing existing ct entry Cited commit doesn↗2025-10-22

▶

OSV

net/mlx5e: Release the label when replacing existing ct entry↗2025-10-22

▶

📋Vendor Advisories

Red Hat

kernel: net/mlx5e: Release the label when replacing existing ct entry↗2025-10-22

▶

Debian

CVE-2023-53720: linux - In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: ...↗2023

▶