CVE-2023-53767 — Missing Release of Resource after Effective Lifetime in Linux

CWE-772 — Missing Release of Resource after Effective Lifetime6 documents5 sources

Severity

5.5MEDIUM

No vector

EPSS

0.0%

top 89.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 8

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix memory leak in ath12k_qmi_driver_event_work() Currently the buffer pointed by event is not freed in case ATH12K_FLAG_UNREGISTERING bit is set, this causes memory leak. Add a goto skip instead of return, to ensure event and all the list entries are freed properly. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1

Affected Packages4 packages

▶Linuxlinux/linux_kernel6.3.0 — 6.3.4

▶Debianlinux/linux_kernel< 6.3.7-1+1

▶CVEListV5linux/linuxd889913205cf7ebda905b1e62c5867ed4e39f6c2 — a87f59041a7f77b4bdab05cea60ac6adc69dc5d2+2

▶debiandebian/linux

🔴Vulnerability Details

OSV

wifi: ath12k: fix memory leak in ath12k_qmi_driver_event_work()↗2025-12-08

▶

GHSA

GHSA-rw7c-q4g4-f6m7: In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix memory leak in ath12k_qmi_driver_event_work() Currently the bu↗2025-12-08

▶

OSV

CVE-2023-53767: In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix memory leak in ath12k_qmi_driver_event_work() Currently the buff↗2025-12-08

▶

📋Vendor Advisories

Red Hat

kernel: Linux kernel: Denial of Service via memory leak in ath12k Wi-Fi driver↗2025-12-08

▶

Debian

CVE-2023-53767: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: ath12...↗2023

▶