CVE-2023-53050

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Fix memory leak in margining Memory for the usb4->margining needs to be relased for the upstream port of the router as well, even though the debugfs directory gets released with the router device removal. Fix this.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/0b357b360e671688f9bf38ff94300515b68bc247	Patch
https://git.kernel.org/stable/c/acec726473822bc6b585961f4ca2a11fa7f28341	Patch
https://git.kernel.org/stable/c/f390095bbd131ec2dfb29792d9f6fd0f0656bfc0	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.3:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.3:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.3:rc3::::::

History

12 Nov 2025, 18:34

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.3:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.3:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.3:rc2::::::
References	~~() https://git.kernel.org/stable/c/0b357b360e671688f9bf38ff94300515b68bc247 -~~	() https://git.kernel.org/stable/c/0b357b360e671688f9bf38ff94300515b68bc247 - Patch
References	~~() https://git.kernel.org/stable/c/acec726473822bc6b585961f4ca2a11fa7f28341 -~~	() https://git.kernel.org/stable/c/acec726473822bc6b585961f4ca2a11fa7f28341 - Patch
References	~~() https://git.kernel.org/stable/c/f390095bbd131ec2dfb29792d9f6fd0f0656bfc0 -~~	() https://git.kernel.org/stable/c/f390095bbd131ec2dfb29792d9f6fd0f0656bfc0 - Patch
CWE		CWE-401
First Time		Linux linux Kernel Linux

Information

Published : 2025-05-02 16:15

Updated : 2025-11-12 18:34

NVD link : CVE-2023-53050

Mitre link : CVE-2023-53050

CVE.ORG link : CVE-2023-53050

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

{"id": "CVE-2023-53050", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-05-02T16:15:24.093", "references": [{"url": "https://git.kernel.org/stable/c/0b357b360e671688f9bf38ff94300515b68bc247", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/acec726473822bc6b585961f4ca2a11fa7f28341", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f390095bbd131ec2dfb29792d9f6fd0f0656bfc0", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Fix memory leak in margining\n\nMemory for the usb4->margining needs to be relased for the upstream port\nof the router as well, even though the debugfs directory gets released\nwith the router device removal. Fix this."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Thunderbolt: Se corrige la p\u00e9rdida de memoria en el margining. La memoria para usb4->margining tambi\u00e9n debe liberarse para el puerto ascendente del router, aunque el directorio debugfs se libera al eliminar el dispositivo del router. Se soluciona."}], "lastModified": "2025-11-12T18:34:22.207", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB2B1008-D6E4-43AA-879E-5F46FF15124E", "versionEndExcluding": "6.1.22", "versionStartIncluding": "6.1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "914F22DD-1E6F-4B0A-A14D-3A9F068F6761", "versionEndExcluding": "6.2.9", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8E3B0E8-FA27-4305-87BB-AF6C25B160CB"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A47F0FC3-CE52-4BA1-BA51-22F783938431"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3583026A-27EC-4A4C-850A-83F2AF970673"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}