CVE-2023-53746: Release of Invalid Pointer or Reference in Linux

Severity: 5.5 MEDIUM (no vector)
EPSS: 0.0% (top 85.68%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 8

Description

In the Linux kernel, the following vulnerability has been resolved:

s390/vfio-ap: fix memory leak in vfio_ap device driver

The device release callback function invoked to release the matrix device uses the dev_get_drvdata(device *dev) function to retrieve the pointer to the vfio_matrix_dev object in order to free its storage. The problem is, this object is not stored as drvdata with the device; since the kfree function will accept a NULL pointer, the memory for the vfio_matrix_dev object is ne

Affected Packages (4 packages)

Linux | linux/linux_kernel | 4.20.0 | 5.4.240 | +4
Debian | linux/linux_kernel | < 5.10.178-1 | +3
CVEListV5 | linux/linux | 1fde573413b549d52183382e639c1d6ce88f5959 | 5195de1d5f66b276683240a896783f7f43c4f664 | +6
debian | debian/linux | < linux 6.1.25-1 (bookworm)

🔴 Vulnerability Details (3)

OSV (2025-12-08): s390/vfio-ap: fix memory leak in vfio_ap device driver
GHSA (2025-12-08): GHSA-pfq8-pr42-5qc2: In the Linux kernel, the following vulnerability has been resolved: s390/vfio-ap: fix memory leak in vfio_ap device driver The device release callba
OSV (2025-12-08): CVE-2023-53746: In the Linux kernel, the following vulnerability has been resolved: s390/vfio-ap: fix memory leak in vfio_ap device driver The device release callback

📋 Vendor Advisories (2)

Red Hat (2025-12-08): kernel: s390/vfio-ap: fix memory leak in vfio_ap device driver
Debian (2023): CVE-2023-53746: linux - In the Linux kernel, the following vulnerability has been resolved: s390/vfio-a...