DEBIAN-CVE-2023-53199
- Source
- https://security-tracker.debian.org/tracker/CVE-2023-53199
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53199.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-53199
- Upstream
- Published
- 2025-09-15T15:15:46Z
- Modified
- 2025-09-19T07:33:40.400205Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: hifusb: clean up skbs if ath9khifusbrxstream() fails Syzkaller detected a memory leak of skbs in ath9khifusbrxstream(). While processing skbs in ath9khifusbrxstream(), the already allocated skbs in skbpool are not freed if ath9khifusbrxstream() fails. If we have an incorrect pktlen or pkttag, the input skb is considered invalid and dropped. All the associated packets already in skbpool should be dropped and freed. Added a comment describing this issue. The patch also makes remainskb NULL after being processed so that it cannot be referenced after potential free. The initialization of hifdev fields which are associated with remainskb (rxremainlen, rxtransferlen and rxpadlen) is moved after a new remain_skb is allocated. Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
- References
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.10.178-1
Affected versions
5.*
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source