CVE-2023-53396
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-18

Last updated on: 2025-12-12

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix memory leak in do_rename If renaming a file in an encrypted directory, function fscrypt_setup_filename allocates memory for a file name. This name is never used, and before returning to the caller the memory for it is not freed. When running kmemleak on it we see that it is registered as a leak. The report below is triggered by a simple program 'rename' that renames a file in an encrypted directory: unreferenced object 0xffff888101502840 (size 32): comm "rename", pid 9404, jiffies 4302582475 (age 435.735s) backtrace: __kmem_cache_alloc_node __kmalloc fscrypt_setup_filename do_rename ubifs_rename vfs_rename do_renameat2 To fix this we can remove the call to fscrypt_setup_filename as it's not needed.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-18
Last Modified
2025-12-12
Generated
2026-05-07
AI Q&A
2025-09-18
EPSS Evaluated
2026-05-05
NVD
CVE-2023-53396
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.15.33 (inc) to 5.15.112 (exc)
linux linux_kernel From 5.16.19 (inc) to 5.17 (exc)
linux linux_kernel From 5.17.2 (inc) to 6.1.28 (exc)
linux linux_kernel From 6.2 (inc) to 6.2.15 (exc)
linux linux_kernel From 6.3 (inc) to 6.3.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a memory leak in the Linux kernel's ubifs subsystem when renaming a file in an encrypted directory. Specifically, the function fscrypt_setup_filename allocates memory for a file name but never uses or frees it, causing a memory leak.


How can this vulnerability impact me? :

The impact of this vulnerability is a memory leak that can cause increased memory usage over time when renaming files in encrypted directories. This could potentially degrade system performance or stability if the leak accumulates.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by running kmemleak on the system. The memory leak is registered by kmemleak when a file is renamed in an encrypted directory. You can use the kmemleak tool to scan for unreferenced memory objects related to the rename operation. For example, running a simple rename command on a file in an encrypted directory and then checking kmemleak reports can help detect this issue.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves applying the patch that removes the unnecessary call to fscrypt_setup_filename in the Linux kernel's ubifs rename function. Until the patch is applied, avoid renaming files in encrypted directories to prevent triggering the memory leak.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart