CVE-2023-53002

Published: Mar 27, 2025Modified: Oct 1, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix a memory leak with reused mmap_offset drm_vma_node_allow() and drm_vma_node_revoke() should be called in balanced pairs. We call drm_vma_node_allow() once per-file everytime a user calls mmap_offset, but only call drm_vma_node_revoke once per-file on each mmap_offset. As the mmap_offset is reused by the client, the per-file vm_count may remain non-zero and the rbtree leaked. Call drm_vma_node_allow_once() instead to prevent that memory leak.

Affected (6)

Products: Linux: Linux Kernel

Linux

1 product

Linux Kernel

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 5.7 to 6.1.9
Linux Linux Kernel	Version 6.2 rc1
Linux Linux Kernel	Version 6.2 rc2
Linux Linux Kernel	Version 6.2 rc3
Linux Linux Kernel	Version 6.2 rc4
Linux Linux Kernel	Version 6.2 rc5

Related CWEs

CWE-401

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (2)

https://git.kernel.org/stable/c/0220e4fe178c3390eb0291cdb34912d66972db8a

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/0bdc4b4ba7206c452ee81c82fa66e39d0e1780fb

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

Timeline

No history available yet.