CVE-2023-53574
BaseFortify
Publication date: 2025-10-04
Last updated on: 2026-03-21
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.2 (inc) to 6.5.5 (inc) |
| linux | kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-401 | The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's wifi driver 'rtw88' involves a potential crash and memory leak when the driver is unloaded. The issue arises because the TX purge timer and C2H queue were not properly deleted and freed during driver unload, which could lead to instability. The fix involves deleting the timer and freeing the skb queue in the 'rtw_core_deinit()' function, and reducing the critical section by freeing the COEX queue outside the TX report lock scope.
How can this vulnerability impact me? :
This vulnerability can cause a system crash or memory leak when the affected wifi driver is unloaded, potentially leading to system instability or degraded performance.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for CVE-2023-53574, which deletes the TX purge timer and frees the C2H queue properly during driver unload to prevent crashes and memory leaks.