CVE-2023-53674
BaseFortify
Publication date: 2025-10-07
Last updated on: 2026-02-26
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-401 | The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a memory leak in the Linux kernel related to the function devm_clk_notifier_register(). The function allocates a resource for a clock notifier but fails to register it properly with the device. As a result, when the device is detached, the notifier is not unregistered and the allocated memory resource is leaked. The issue was fixed by ensuring the resource is registered correctly using devres_add().
How can this vulnerability impact me? :
This vulnerability can lead to memory leaks in the Linux kernel, which over time may cause increased memory usage and potentially degrade system performance or stability, especially on devices like Chromebooks where it was originally found.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for the memory leak in devm_clk_notifier_register(). The fix involves registering the resource properly through devres_add() to prevent memory leaks on device detach.