CVE-2023-53303 (CNNVD-202509-2575)
中文标题:
Linux kernel 安全漏洞
英文标题:
net: microchip: vcap api: Fix possible memory leak for vcap_dup_rule()
漏洞描述
中文描述:
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于vcap_dup_rule函数中内存分配失败时未释放已分配内存,可能导致内存泄漏。
英文描述:
In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap api: Fix possible memory leak for vcap_dup_rule() Inject fault When select CONFIG_VCAP_KUNIT_TEST, the below memory leak occurs. If kzalloc() for duprule succeeds, but the following kmemdup() fails, the duprule, ckf and caf memory will be leaked. So kfree them in the error path. unreferenced object 0xffff122744c50600 (size 192): comm "kunit_try_catch", pid 346, jiffies 4294896122 (age 911.812s) hex dump (first 32 bytes): 10 27 00 00 04 00 00 00 1e 00 00 00 2c 01 00 00 .'..........,... 00 00 00 00 00 00 00 00 18 06 c5 44 27 12 ff ff ...........D'... backtrace: [<00000000394b0db8>] __kmem_cache_alloc_node+0x274/0x2f8 [<0000000001bedc67>] kmalloc_trace+0x38/0x88 [<00000000b0612f98>] vcap_dup_rule+0x50/0x460 [<000000005d2d3aca>] vcap_add_rule+0x8cc/0x1038 [<00000000eef9d0f8>] test_vcap_xn_rule_creator.constprop.0.isra.0+0x238/0x494 [<00000000cbda607b>] vcap_api_rule_remove_in_front_test+0x1ac/0x698 [<00000000c8766299>] kunit_try_run_case+0xe0/0x20c [<00000000c4fe9186>] kunit_generic_run_threadfn_adapter+0x50/0x94 [<00000000f6864acf>] kthread+0x2e8/0x374 [<0000000022e639b3>] ret_from_fork+0x10/0x20
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Linux | Linux | - | < a26ba60413b2c8f95daf0ee0152cf82abd7bfbe4 | - |
cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*
|
| Linux | Linux | 6.3 | - | - |
cpe:2.3:a:linux:linux:6.3:*:*:*:*:*:*:*
|
| linux | linux_kernel | * | - | - |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
|
| linux | linux_kernel | 6.6 | - | - |
cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2023-53303 |
2025-11-11 15:22:15 | 2025-11-11 07:38:49 |
| NVD | nvd_CVE-2023-53303 |
2025-11-11 14:59:22 | 2025-11-11 07:46:53 |
| CNNVD | cnnvd_CNNVD-202509-2575 |
2025-11-11 15:12:57 | 2025-11-11 08:00:11 |
版本与语言
安全公告
变更历史
查看详细变更
- affected_products_count: 2 -> 4
查看详细变更
- vulnerability_type: 未提取 -> 其他
- severity: SeverityLevel.MEDIUM -> SeverityLevel.UNKNOWN
- cvss_score: 未提取 -> 0.0
- cnnvd_id: 未提取 -> CNNVD-202509-2575
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 3 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']