CVE-2023-53271
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-16

Last updated on: 2025-12-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume() There is a memory leaks problem reported by kmemleak: unreferenced object 0xffff888102007a00 (size 128): comm "ubirsvol", pid 32090, jiffies 4298464136 (age 2361.231s) hex dump (first 32 bytes): ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ backtrace: [<ffffffff8176cecd>] __kmalloc+0x4d/0x150 [<ffffffffa02a9a36>] ubi_eba_create_table+0x76/0x170 [ubi] [<ffffffffa029764e>] ubi_resize_volume+0x1be/0xbc0 [ubi] [<ffffffffa02a3321>] ubi_cdev_ioctl+0x701/0x1850 [ubi] [<ffffffff81975d2d>] __x64_sys_ioctl+0x11d/0x170 [<ffffffff83c142a5>] do_syscall_64+0x35/0x80 [<ffffffff83e0006a>] entry_SYSCALL_64_after_hwframe+0x46/0xb0 This is due to a mismatch between create and destroy interfaces, and in detail that "new_eba_tbl" created by ubi_eba_create_table() but destroyed by kfree(), while will causing "new_eba_tbl->entries" not freed. Fix it by replacing kfree(new_eba_tbl) with ubi_eba_destroy_table(new_eba_tbl)
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-16
Last Modified
2025-12-03
Generated
2026-06-16
AI Q&A
2025-09-16
EPSS Evaluated
2026-06-14
NVD
CVE-2023-53271
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 4.9 (inc) to 4.14.308 (exc)
linux linux_kernel From 4.15 (inc) to 4.19.276 (exc)
linux linux_kernel From 4.20 (inc) to 5.4.235 (exc)
linux linux_kernel From 5.5 (inc) to 5.10.173 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.100 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.18 (exc)
linux linux_kernel From 6.2 (inc) to 6.2.5 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a memory leak in the Linux kernel's UBI subsystem, specifically in the ubi_resize_volume() function. It occurs because an object created by ubi_eba_create_table() is improperly freed using kfree(), which does not free all associated memory, leading to unreferenced memory objects. The fix replaces kfree() with ubi_eba_destroy_table() to properly free all allocated memory.

Impact Analysis

The memory leak caused by this vulnerability can lead to increased memory usage over time, potentially degrading system performance or causing resource exhaustion in systems using the UBI subsystem. This could result in instability or crashes if the leak is significant and persistent.

Detection Guidance

This vulnerability can be detected by monitoring kmemleak reports for unreferenced objects related to the ubi_resize_volume() function. Specifically, look for memory leaks reported by kmemleak involving the 'ubirsvol' process or similar. You can enable and check kmemleak in the Linux kernel by using the following commands: 1. Enable kmemleak (if not already enabled): echo scan > /sys/kernel/debug/kmemleak 2. Check kmemleak reports: cat /sys/kernel/debug/kmemleak Look for entries similar to the unreferenced object described in the vulnerability, including backtraces involving ubi_resize_volume and ubi_eba_create_table.

Mitigation Strategies

Immediate mitigation involves updating the Linux kernel to a version where this vulnerability is fixed. The fix replaces the improper kfree() call with a proper ubi_eba_destroy_table() call to correctly free memory and prevent leaks. Until an update is applied, monitoring kmemleak reports and avoiding operations that trigger ubi_resize_volume() may reduce exposure.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53271. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart