Memory leak in Linux kernel - CVE-2023-53054
Published: May 3, 2025 / Updated: May 10, 2025
Vulnerability identifier: #VU108415
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-53054
CWE-ID: CWE-401
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dwc2_get_dr_mode(), __dwc2_lowlevel_hw_enable() and __dwc2_lowlevel_hw_disable() functions in drivers/usb/dwc2/platform.c. A local user can perform a denial of service (DoS) attack.
How to mitigate CVE-2023-53054
Install update from vendor's website.
Sources
- https://git.kernel.org/stable/c/1f01027c51eb16145e8e07fafea3ca07ef102d06
- https://git.kernel.org/stable/c/6485fc381b6528b6f547ee1ff10bdbcbe31a6e4c
- https://git.kernel.org/stable/c/cba76e1fb896b573f09f51aa299223276a77bc90
- https://git.kernel.org/stable/c/f747313249b74f323ddf841a9c8db14d989f296a
- https://git.kernel.org/stable/c/ffb8ab6f87bd28d700ab5c20d9d3a7e75067630d
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.22