SB2025091639 - Memory leak in Linux kernel firmware driver
Published: September 16, 2025 Updated: September 22, 2025
Security Bulletin ID
SB2025091639
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2023-53255)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the svc_create_memory_pool() function in drivers/firmware/stratix10-svc.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1995f15590ca222f91193ed11461862b450abfd6
- https://git.kernel.org/stable/c/7363de081c793e47866cb54ce7cb8a480cffc259
- https://git.kernel.org/stable/c/974ac045a05ad12a0b4578fb303f00dcc22f3aba
- https://git.kernel.org/stable/c/c04ed61ebf01968d7699b121663982493ed577fb
- https://git.kernel.org/stable/c/cb8a31a56df8492fb0d900959238e1a3ff8b8981
- https://git.kernel.org/stable/c/e3373e6b6c79aff698442b00d20c9f285d296e46
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.251