CVE-2023-53278
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-16

Last updated on: 2025-12-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix memory leak in ubifs_sysfs_init() When insmod ubifs.ko, a kmemleak reported as below: unreferenced object 0xffff88817fb1a780 (size 8): comm "insmod", pid 25265, jiffies 4295239702 (age 100.130s) hex dump (first 8 bytes): 75 62 69 66 73 00 ff ff ubifs... backtrace: [<ffffffff81b3fc4c>] slab_post_alloc_hook+0x9c/0x3c0 [<ffffffff81b44bf3>] __kmalloc_track_caller+0x183/0x410 [<ffffffff8198d3da>] kstrdup+0x3a/0x80 [<ffffffff8198d486>] kstrdup_const+0x66/0x80 [<ffffffff83989325>] kvasprintf_const+0x155/0x190 [<ffffffff83bf55bb>] kobject_set_name_vargs+0x5b/0x150 [<ffffffff83bf576b>] kobject_set_name+0xbb/0xf0 [<ffffffff8100204c>] do_one_initcall+0x14c/0x5a0 [<ffffffff8157e380>] do_init_module+0x1f0/0x660 [<ffffffff815857be>] load_module+0x6d7e/0x7590 [<ffffffff8158644f>] __do_sys_finit_module+0x19f/0x230 [<ffffffff815866b3>] __x64_sys_finit_module+0x73/0xb0 [<ffffffff88c98e85>] do_syscall_64+0x35/0x80 [<ffffffff88e00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd When kset_register() failed, we should call kset_put to cleanup it.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-16
Last Modified
2025-12-03
Generated
2026-05-07
AI Q&A
2025-09-16
EPSS Evaluated
2026-05-05
NVD
CVE-2023-53278
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.17 (inc) to 6.1.18 (exc)
linux linux_kernel From 6.2 (inc) to 6.2.5 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a memory leak in the Linux kernel's UBIFS subsystem, specifically in the ubifs_sysfs_init() function. When the ubifs kernel module (ubifs.ko) is inserted using insmod, a memory leak is reported by kmemleak due to an unreferenced object. The issue occurs because when kset_register() fails, the cleanup function kset_put is not called, leading to the memory not being freed properly.


How can this vulnerability impact me? :

The memory leak can cause increased memory usage over time when the ubifs kernel module is loaded, potentially leading to reduced system performance or stability issues if the leak accumulates. This could affect systems relying on UBIFS for flash storage management, especially in embedded or resource-constrained environments.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by observing kmemleak reports when the ubifs kernel module is inserted using insmod. Specifically, running 'insmod ubifs.ko' and then checking for unreferenced objects related to ubifs in the kmemleak output can indicate the presence of the issue. Commands to use include: 'insmod ubifs.ko' followed by 'cat /sys/kernel/debug/kmemleak' to check for memory leaks.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves applying the fix that ensures kset_put is called to clean up when kset_register() fails during ubifs module initialization. Until a patched kernel is applied, avoid loading the ubifs module with insmod to prevent triggering the memory leak.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart