CVE-2023-53271

{"id": "CVE-2023-53271", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-09-16T08:15:35.900", "references": [{"url": "https://git.kernel.org/stable/c/07b60f7452d2fa731737552937cb81821919f874", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/09780a44093b53f9cbca76246af2e4ff0884e512", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/1e591ea072df7211f64542a09482b5f81cb3ad27", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/26ec2d66aecab8ff997b912c20247fedba4f5740", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/27b760b81951d8d5e5c952a696af8574052b0709", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/31d60afe2cc2b712dbefcaab6b7d6a47036f844e", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/5c0c81a313492b83bd0c038b8839b0e04eb87563", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/95a72417dd13ebcdcb1bd0c5d4d15f7c5bfbb288", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume()\n\nThere is a memory leaks problem reported by kmemleak:\n\nunreferenced object 0xffff888102007a00 (size 128):\n comm \"ubirsvol\", pid 32090, jiffies 4298464136 (age 2361.231s)\n hex dump (first 32 bytes):\nff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................\nff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................\n backtrace:\n[<ffffffff8176cecd>] __kmalloc+0x4d/0x150\n[<ffffffffa02a9a36>] ubi_eba_create_table+0x76/0x170 [ubi]\n[<ffffffffa029764e>] ubi_resize_volume+0x1be/0xbc0 [ubi]\n[<ffffffffa02a3321>] ubi_cdev_ioctl+0x701/0x1850 [ubi]\n[<ffffffff81975d2d>] __x64_sys_ioctl+0x11d/0x170\n[<ffffffff83c142a5>] do_syscall_64+0x35/0x80\n[<ffffffff83e0006a>] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThis is due to a mismatch between create and destroy interfaces, and\nin detail that \"new_eba_tbl\" created by ubi_eba_create_table() but\ndestroyed by kfree(), while will causing \"new_eba_tbl->entries\" not\nfreed.\n\nFix it by replacing kfree(new_eba_tbl) with\nubi_eba_destroy_table(new_eba_tbl)"}], "lastModified": "2025-12-03T16:55:20.277", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7292C460-000B-4120-B05D-5672751A14E4", "versionEndExcluding": "4.14.308", "versionStartIncluding": "4.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C902FC54-DDBD-4DA6-BFEF-26889A267464", "versionEndExcluding": "4.19.276", "versionStartIncluding": "4.15"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13DD5E68-8CB4-46EE-9A8F-C7F6C1A84430", "versionEndExcluding": "5.4.235", "versionStartIncluding": "4.20"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D810CFB-B7C5-493C-B98A-0D5F0D8A47B6", "versionEndExcluding": "5.10.173", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D7E5BB5-018B-46B7-A2C4-1ADB75099822", "versionEndExcluding": "5.15.100", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8D24FD5-5A98-4042-9419-39DCFCBEFFF5", "versionEndExcluding": "6.1.18", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0575B33B-A320-4E51-84CA-10C937341E02", "versionEndExcluding": "6.2.5", "versionStartIncluding": "6.2"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}