CVE-2023-53014

dmaengine: tegra: Fix memory leak in terminate_all()

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: dmaengine: tegra: Fix memory leak in terminate_all() Terminate vdesc when terminating an ongoing transfer.
This will ensure that the vdesc is present in the desc_terminated list
The descriptor will be freed later in desc_free_list(). This fixes the memory leaks which can happen when terminating an
ongoing transfer.

A flaw was found in the tegra186-gpc-dma module in the Linux kernel. A memory leak can occur due to a missing memory release when an ongoing transfer is terminated, potentially impacting system performance and possibly resulting in a denial of service.

In the Linux kernel, the following vulnerability has been resolved: dmaengine: tegra: Fix memory leak in terminate_all() Terminate vdesc when terminating an ongoing transfer. This will ensure that the vdesc is present in the desc_terminated list The descriptor will be freed later in desc_free_list(). This fixes the memory leaks which can happen when terminating an ongoing transfer.

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bug fixes.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-03-27 CVE Reserved
2025-03-27 CVE Published
2025-05-04 CVE Updated
2025-06-03 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-401: Missing Release of Memory after Effective Lifetime

CAPEC

References (5)

URL	Tag	Source
https://git.kernel.org/stable/c/ee17028009d49fffed8cc963455d33b1fd3f1d08	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/567128076d554e41609c61b7d447089094ff72c5	2023-02-01
https://git.kernel.org/stable/c/a7a7ee6f5a019ad72852c001abbce50d35e992f2	2023-01-18

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2023-53014	2023-11-07
https://bugzilla.redhat.com/show_bug.cgi?id=2355473	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.19 < 6.1.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 6.1.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.19 < 6.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 6.2"		en		Affected