CVE-2023-53514 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-53514 PUBLISHED CVSS 5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix memory leak of device names The device names allocated by dev_set_name() need be freed before module unloading, but they can not be freed because the kobject's refcount which was set in device_initialize() has not be decreased to 0. As comment of device_add() says, if it fails, use only put_device() drop the refcount, then the name will be freed in kobejct_cleanup(). device_del() and put_device() can be replaced with device_unregister(), so call it to unregister the added successfully devices, and just call put_device() to the not added device. Add a release() function to device to avoid null release() function WARNING in device_release(), it's empty, because the context devices are freed together in host1x_memory_context_list_free().

EPSS 0.02% · 3.2th percentile

Risk Scores

CVSS v3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.02%

3.2th percentile

Affected Products

Vendor	Product	Versions
linux	linux_kernel	6.0, 6.0, 6.0
Linux	Linux	6.4, 8aa5bcb61612060429223d1fbb7a1c30a579fc1f, 6.2.15

Timeline

Jan 21, 1970 Security Advisory
Oct 1, 2025 EPSS Score
Oct 1, 2025 CVE Published
Oct 4, 2025 Coalition ESS Score
Oct 7, 2025 EPSS Score
Oct 13, 2025 EPSS Score
Oct 19, 2025 EPSS Score
Oct 25, 2025 EPSS Score
Oct 25, 2025 Coalition ESS Score
Oct 31, 2025 EPSS Score
Nov 3, 2025 Coalition ESS Score
Nov 6, 2025 EPSS Score

References

Open in Interactive Console →