CVE-2023-52653: SUNRPC: fix a memleak in gss_import_v2_context
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: fix a memleak in gssimportv2context
The ctx->mechused.data allocated by kmemdup is not freed in neither gssimportv2context nor it only caller gsskrb5importseccontext, which frees ctx on error.
Thus, this patch reform the last call of gssimportv2context to the gsskrb5importctxv2, preventing the memleak while keepping the return formation.
Other sources
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: fix a memleak in gssimportv2context
The Linux kernel CVE team has assigned CVE-2023-52653 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024050131-CVE-2023-52653-a5c2@gregkh/T
— Red Hat
Linux Kernel is vulnerable to a denial of service, caused by a memory leak in the gssimportv2context function. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
— IBM
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of CVE-2023-52653?
CVE-2023-52653 has a critical severity due to its potential memory leak in the Linux kernel.
How do I fix CVE-2023-52653?
To fix CVE-2023-52653, update your Linux kernel to version 6.6.23 or later for Red Hat, or 5.10.223-1 to 5.10.226-1 or 6.1.119-1 to 6.1.123-1 for Debian.
Which systems are affected by CVE-2023-52653?
CVE-2023-52653 affects specific versions of the Linux kernel in both Red Hat and Debian distributions.
What components of the Linux kernel are impacted by CVE-2023-52653?
CVE-2023-52653 impacts the SUNRPC subsystem of the Linux kernel, specifically related to context management.
Is there a workaround for CVE-2023-52653 if I cannot update?
There is no known workaround for CVE-2023-52653, so the recommended action is to apply the kernel update.