CVE-2023-53199
BaseFortify
Publication date: 2025-09-15
Last updated on: 2025-12-03
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 2.6.38 (inc) to 4.19.276 (exc) |
| linux | linux_kernel | From 4.20 (inc) to 5.4.235 (exc) |
| linux | linux_kernel | From 5.5 (inc) to 5.10.173 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.99 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.16 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.2.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-772 | The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a memory leak in the Linux kernel's ath9k wireless driver, specifically in the hif_usb component. When the function ath9k_hif_usb_rx_stream() fails due to invalid input packets (incorrect pkt_len or pkt_tag), the already allocated socket buffers (skbs) in the skb_pool are not freed properly, causing a memory leak. The patch fixes this by ensuring all associated packets are freed when a failure occurs and prevents use-after-free errors by setting pointers to NULL after processing.
How can this vulnerability impact me? :
This vulnerability can lead to a memory leak in the Linux kernel's wireless driver, which may cause increased memory usage and potentially degrade system performance or stability over time. In severe cases, it could lead to denial of service if the system runs out of memory due to unreleased buffers.