CVE-2023-53999Missing Release of Resource after Effective Lifetime in Linux

CWE-772Missing Release of Resource after Effective Lifetime7 documents6 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 92.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: TC, Fix internal port memory leak The flow rule can be splited, and the extra post_act rules are added to post_act table. It's possible to trigger memleak when the rule forwards packets from internal port and over tunnel, in the case that, for example, CT 'new' state offload is allowed. As int_port object is assigned to the flow attribute of post_act rule, and its refcnt is incremented by mlx5e_tc_int_port_get(), bu

Affected Packages4 packages

Linuxlinux/linux_kernel5.18.06.4.11
Debianlinux/linux_kernel< 6.4.11-1+1
CVEListV5linux/linux8300f225268be9ee2c0daf5a3f23929fcdcbf213bc1918bac0f30e3f551ef5649b53062917db55fa+2
debiandebian/linux< linux 6.4.11-1 (forky)

🔴Vulnerability Details

3
OSV
CVE-2023-53999: In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: TC, Fix internal port memory leak The flow rule can be splited, and the2025-12-24
GHSA
GHSA-x7x5-xvrp-r655: In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: TC, Fix internal port memory leak The flow rule can be splited, and t2025-12-24
OSV
net/mlx5e: TC, Fix internal port memory leak2025-12-24

📋Vendor Advisories

2
Red Hat
kernel: Linux kernel: Denial of Service due to memory leak in mlx5e driver2025-12-24
Debian
CVE-2023-53999: linux - In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: ...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-53999 Impact, Exploitability, and Mitigation Steps | Wiz