| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091643-CVE-2023-53318-633b@gregkh> Date: Tue, 16 Sep 2025 18:12:03 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53318: recordmcount: Fix memory leaks in the uwrite function From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: recordmcount: Fix memory leaks in the uwrite function Common realloc mistake: 'file_append' nulled but not freed upon failure The Linux kernel CVE team has assigned CVE-2023-53318 to this issue. Affected and fixed versions =========================== Fixed in 4.14.316 with commit bd39f68a309a947670379bf9a39b16c584f86ddb Fixed in 4.19.284 with commit 444ec005404cead222ebce2561a9451c9ee5ad89 Fixed in 5.4.244 with commit 3ed95a6f6c646e8bb15c354536e0ab10e8f39c08 Fixed in 5.10.181 with commit 2d9ca5f62f2ba160ff9c9be4adf401c46c04edef Fixed in 5.15.113 with commit ff70ad9159fbb566b2c15724f44207e8deccd527 Fixed in 6.1.30 with commit 895130e63c93926f07caf5db286b97bd27b81de9 Fixed in 6.3.4 with commit 25c9b185f121812cbc215fdaa1192c6b9025b428 Fixed in 6.4 with commit fa359d068574d29e7d2f0fdd0ebe4c6a12b5cfb9 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53318 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: scripts/recordmcount.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/bd39f68a309a947670379bf9a39b16c584f86ddb https://git.kernel.org/stable/c/444ec005404cead222ebce2561a9451c9ee5ad89 https://git.kernel.org/stable/c/3ed95a6f6c646e8bb15c354536e0ab10e8f39c08 https://git.kernel.org/stable/c/2d9ca5f62f2ba160ff9c9be4adf401c46c04edef https://git.kernel.org/stable/c/ff70ad9159fbb566b2c15724f44207e8deccd527 https://git.kernel.org/stable/c/895130e63c93926f07caf5db286b97bd27b81de9 https://git.kernel.org/stable/c/25c9b185f121812cbc215fdaa1192c6b9025b428 https://git.kernel.org/stable/c/fa359d068574d29e7d2f0fdd0ebe4c6a12b5cfb9
Powered by blists - more mailing lists