Message-ID: <2025120841-CVE-2023-53745-2ae7@gregkh>
Date: Mon, 8 Dec 2025 10:19:44 +0900
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2023-53745: um: vector: Fix memory leak in vector_config
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
um: vector: Fix memory leak in vector_config
If the return value of the uml_parse_vector_ifspec function is NULL,
we should call kfree(params) to prevent a memory leak.
The Linux kernel CVE team has assigned CVE-2023-53745 to this issue.
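The error path described above, modelled in userspace C as an added example (this is not the kernel's code). The names m_alloc, m_free, parse_spec, config and release are hypothetical, the live_allocs counter stands in for a leak detector, and the input strings are constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static int live_allocs;            /* allocations not yet freed */
struct spec { char *buf; };        /* parsed result borrows buf */

static void *m_alloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void m_free(void *p) { if (p) { live_allocs--; free(p); } }

/* Hypothetical parser: NULL when the spec has no '=', else a result that points into buf. */
static struct spec *parse_spec(char *buf)
{
    struct spec *s = strchr(buf, '=') ? m_alloc(sizeof(*s)) : NULL;
    if (s)
        s->buf = buf;
    return s;
}

/* fix != 0 applies the change the advisory describes. */
static int config(const char *str, int fix, struct spec **out)
{
    size_t n = strlen(str) + 1;
    char *params = m_alloc(n);     /* private copy of the caller's string */
    if (!params)
        return -ENOMEM;
    memcpy(params, str, n);
    *out = parse_spec(params);
    if (!*out) {
        if (fix)
            m_free(params);        /* otherwise the only pointer to the copy is lost */
        return -EINVAL;
    }
    return 0;                      /* success: *out now owns params */
}

static void release(struct spec *s) { if (s) { m_free(s->buf); m_free(s); } }

int main(void)
{
    struct spec *s = NULL;
    config("tap0", 0, &s);         /* constructed malformed spec, unfixed path */
    printf("unfixed: %d leaked\n", live_allocs);
    live_allocs = 0;
    config("tap0", 1, &s);         /* same input, fixed path */
    printf("fixed:   %d leaked\n", live_allocs);
    release(s);
    return 0;
}
```

On the success path the copy must stay allocated because the parsed result still points into it, which is why the free belongs only in the failure branch.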
Affected and fixed versions
===========================
Issue introduced in 4.17 with commit 49da7e64f33e80edffb1a9eeb230fa4c3f42dffb and fixed in 4.19.276 with commit 5c49fb5ad01104acc584405572abf6616d45148e
Issue introduced in 4.17 with commit 49da7e64f33e80edffb1a9eeb230fa4c3f42dffb and fixed in 5.4.235 with commit 6480c3a12755bf85d6738ab60967e89b809c701a
Issue introduced in 4.17 with commit 49da7e64f33e80edffb1a9eeb230fa4c3f42dffb and fixed in 5.10.173 with commit f2b9c4544e3bd60f353732291300097b0e8d8454
Issue introduced in 4.17 with commit 49da7e64f33e80edffb1a9eeb230fa4c3f42dffb and fixed in 5.15.100 with commit 276a7298af6a801e9a865282605a79303365ec66
Issue introduced in 4.17 with commit 49da7e64f33e80edffb1a9eeb230fa4c3f42dffb and fixed in 6.1.18 with commit c8583b4655aab44a9796b5c4a681ddcc6fe2f0d0
Issue introduced in 4.17 with commit 49da7e64f33e80edffb1a9eeb230fa4c3f42dffb and fixed in 6.2.5 with commit 634a9c139cc1362f6a9cc6cbfe442dbb60ff9f3f
Issue introduced in 4.17 with commit 49da7e64f33e80edffb1a9eeb230fa4c3f42dffb and fixed in 6.3 with commit 8f88c73afe481f93d40801596927e8c0047b6d96
Please see https://www.kernel.org for a full list of kernel versions
currently supported by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2023-53745
will be updated if fixes are backported; please check that for the most
up-to-date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
arch/um/drivers/vector_kern.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If, however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/5c49fb5ad01104acc584405572abf6616d45148e
https://git.kernel.org/stable/c/6480c3a12755bf85d6738ab60967e89b809c701a
https://git.kernel.org/stable/c/f2b9c4544e3bd60f353732291300097b0e8d8454
https://git.kernel.org/stable/c/276a7298af6a801e9a865282605a79303365ec66
https://git.kernel.org/stable/c/c8583b4655aab44a9796b5c4a681ddcc6fe2f0d0
https://git.kernel.org/stable/c/634a9c139cc1362f6a9cc6cbfe442dbb60ff9f3f
https://git.kernel.org/stable/c/8f88c73afe481f93d40801596927e8c0047b6d96