CVE-2023-53802Missing Reference to Active Allocated Resource in Linux

CWE-771Missing Reference to Active Allocated Resource6 documents5 sources
Severity
6.1MEDIUM
No vector
EPSS
0.0%
top 85.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 9

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function It is stated that ath9k_htc_rx_msg() either frees the provided skb or passes its management to another callback function. However, the skb is not freed in case there is no another callback function, and Syzkaller was able to cause a memory leak. Also minor comment fix. Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

Affected Packages4 packages

Linuxlinux/linux_kernel2.6.354.14.308+6
Debianlinux/linux_kernel< 5.10.178-1+3
CVEListV5linux/linuxfb9987d0f748c983bb795a86f47522313f701a08b11f95f65cc52ee3a756e6f6a88df37a203e25bd+8
debiandebian/linux< linux 6.1.20-1 (bookworm)

🔴Vulnerability Details

3
OSV
wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function2025-12-09
OSV
CVE-2023-53802: In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback funct2025-12-09
GHSA
GHSA-47hx-9qjp-4jqg: In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback func2025-12-09

📋Vendor Advisories

2
Red Hat
kernel: wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function2025-12-09
Debian
CVE-2023-53802: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k...2023