CVE-2023-53997 — Linux vulnerability

7 documents6 sources

Severity

5.5MEDIUM

No vector

EPSS

0.0%

top 92.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: thermal: of: fix double-free on unregistration Since commit 3d439b1a2ad3 ("thermal/core: Alloc-copy-free the thermal zone parameters structure"), thermal_zone_device_register() allocates a copy of the tzp argument and frees it when unregistering, so thermal_of_zone_register() now ends up leaking its original tzp and double-freeing the tzp copy. Fix this by locating tzp on stack instead.

Affected Packages4 packages

▶Linuxlinux/linux_kernel6.4.0 — 6.4.8

▶Debianlinux/linux_kernel< 6.4.11-1+1

▶CVEListV5linux/linux3d439b1a2ad36c8b4ea151c8de25309d60d17407 — adce49089412a9ae28f5c666e0bb12fbcd86b3f7+2

▶debiandebian/linux< linux 6.4.11-1 (forky)

🔴Vulnerability Details

OSV

thermal: of: fix double-free on unregistration↗2025-12-24

▶

OSV

CVE-2023-53997: In the Linux kernel, the following vulnerability has been resolved: thermal: of: fix double-free on unregistration Since commit 3d439b1a2ad3 ("thermal↗2025-12-24

▶

GHSA

GHSA-hjrg-jf9q-4c95: In the Linux kernel, the following vulnerability has been resolved: thermal: of: fix double-free on unregistration Since commit 3d439b1a2ad3 ("therm↗2025-12-24

▶

📋Vendor Advisories

Red Hat

kernel: thermal: of: fix double-free on unregistration↗2025-12-24

▶

Debian

CVE-2023-53997: linux - In the Linux kernel, the following vulnerability has been resolved: thermal: of...↗2023

▶

🕵️Threat Intelligence

Wiz

CVE-2023-53997 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶