SB2025091685 - Memory leak in Linux kernel usb dwc3 driver
Published: September 16, 2025 Updated: September 22, 2025
Security Bulletin ID
SB2025091685
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2023-53196)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dwc3_qcom_probe() function in drivers/usb/dwc3/dwc3-qcom.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/097fb3ee710d4de83b8d4f5589e8ee13e0f0541e
- https://git.kernel.org/stable/c/134a7d4642f11daed6bbc378f930a54dd0322291
- https://git.kernel.org/stable/c/648a163cff21ea355c8765e882ba8bf66a870a3e
- https://git.kernel.org/stable/c/74f8606ddfa450d2255b4e61472a7632def1e8c4
- https://git.kernel.org/stable/c/b626cd5e4a87a281629e0c2b07519990077c0fbe
- https://git.kernel.org/stable/c/c3b322b84ab5dda7eaca9ded763628b7467734f4
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.39