SB2025100822 - Memory leak in Linux kernel soc aspeed driver
Published: October 8, 2025 Updated: October 27, 2025
Security Bulletin ID
SB2025100822
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2023-53617)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the aspeed_socinfo_init() function in drivers/soc/aspeed/aspeed-socinfo.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/6e6d847a8ce18ab2fbec4f579f682486a82d2c6b
- https://git.kernel.org/stable/c/b662856b71343d9e731c1cd4bbe54758c7791abb
- https://git.kernel.org/stable/c/d9a5ad4477d2a11e9b03f00c52694451e9332228
- https://git.kernel.org/stable/c/dfb9676ed25be25ca7cd198d0f0e093b76b7bc7f
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.128