CVE-2023-53708
Awaiting Analysis Awaiting Analysis - Queue

BaseFortify

Vulnerability report for CVE-2023-53708, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-22

Last updated on: 2025-10-22

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: ACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects If a badly constructed firmware includes multiple `ACPI_TYPE_PACKAGE` objects while evaluating the AMD LPS0 _DSM, there will be a memory leak. Explicitly guard against this.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-22
Last Modified
2025-10-22
Generated
2026-07-07
AI Q&A
2025-10-22
EPSS Evaluated
2026-07-06
NVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Linux kernel's ACPI implementation for x86 systems during s2idle (a low power idle state). If the system firmware is badly constructed and includes multiple ACPI_TYPE_PACKAGE objects when evaluating the AMD LPS0 _DSM method, it can cause a memory leak. The fix involves explicitly guarding against multiple such objects to prevent the leak.

Impact Analysis

The vulnerability can lead to a memory leak in the Linux kernel when running on affected hardware with faulty firmware. This could degrade system performance or stability over time due to memory exhaustion, potentially causing crashes or other unpredictable behavior.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53708. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart