CVE-2023-53181
BaseFortify
Publication date: 2025-09-15
Last updated on: 2025-12-02
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.16 (inc) to 6.1.42 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.4.7 (exc) |
| linux | linux_kernel | 6.5 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's dma-buf/dma-resv subsystem where a memory leak happens if the krealloc_array() function fails during the dma_resv_get_fences() operation. Specifically, if the fence iteration restarts and krealloc_array() fails, the previously allocated array is leaked because it is not freed properly. Additionally, some callers continue to access the array even after dma_resv_get_fences() fails, which can lead to accessing freed memory. The fix involves manually freeing the old array, clearing the returned fences pointer to prevent use-after-free, and zeroing out the number of fences to avoid further issues.
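The leak and the fix described above, modeled in userspace C as an added example (this is not the kernel's code or patch). `realloc()` stands in for `krealloc_array()`, and `grow`, `collect_leaky`, `collect_fixed`, `leaked_after` and the failure-injection hooks are hypothetical names constructed for the demonstration.

```c
#include <stdlib.h>

/* Constructed hooks: grow() call number fail_at fails; live = allocated array. */
static int fail_at, calls;
static void *live;

static void *grow(void *old, size_t n, size_t sz) {
    if (calls++ == fail_at) return NULL;   /* like realloc(): old stays allocated */
    void *p = realloc(old, n * sz);
    if (p) live = p;
    return p;
}

/* Leaky pattern: the result overwrites the only pointer to the old array. */
static int collect_leaky(int **out, unsigned *num, int restarts) {
    *out = NULL; *num = 0;
    for (int pass = 0; pass <= restarts; pass++) {
        *out = grow(*out, 4u << pass, sizeof(**out));
        if (!*out) return -1;              /* old array leaked, *num left stale */
        *num = 4u << pass;
    }
    return 0;
}

/* Hardened pattern, following the fix described above. */
static int collect_fixed(int **out, unsigned *num, int restarts) {
    *out = NULL; *num = 0;
    for (int pass = 0; pass <= restarts; pass++) {
        int *tmp = grow(*out, 4u << pass, sizeof(**out));
        if (!tmp) {
            free(*out); live = NULL;       /* free the old array by hand */
            *out = NULL; *num = 0;         /* nothing left for callers to walk */
            return -1;
        }
        *out = tmp; *num = 4u << pass;
    }
    return 0;
}

/* One restart with the second grow() failing; returns 1 if an array leaked. */
static int leaked_after(int (*fn)(int **, unsigned *, int), unsigned *num) {
    int *arr;
    fail_at = 1; calls = 0; live = NULL;
    fn(&arr, num, 1);
    int leaked = live != NULL;
    free(live);                            /* demo cleanup only */
    return leaked;
}
```

In the leaky variant a caller that ignores the error return still sees a non-zero count next to a NULL array; the hardened variant leaves it with an empty result.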
How can this vulnerability impact me?
This vulnerability can lead to memory leaks and potential use-after-free conditions in the Linux kernel, which may cause system instability, crashes, or security risks such as privilege escalation or denial of service if exploited. The improper handling of memory could be leveraged by attackers to compromise system reliability or security.