DEBIAN-CVE-2023-53234

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2023-53234
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53234.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-53234
Upstream
Published
2025-09-15T15:15:50Z
Modified
2025-09-19T07:33:40.723697Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved: watchdog: Fix kmemleak in watchdogcdevregister kmemleak reports memory leaks in watchdogdevregister, as follows: unreferenced object 0xffff888116233000 (size 2048): comm ""modprobe"", pid 28147, jiffies 4353426116 (age 61.741s) hex dump (first 32 bytes): 80 fa b9 05 81 88 ff ff 08 30 23 16 81 88 ff ff .........0#..... 08 30 23 16 81 88 ff ff 00 00 00 00 00 00 00 00 .0#............. backtrace: [<000000007f001ffd>] _kmemcacheallocnode+0x157/0x220 [<000000006a389304>] kmalloctrace+0x21/0x110 [<000000008d640eea>] watchdogdevregister+0x4e/0x780 [watchdog] [<0000000053c9f248>] _watchdogregisterdevice+0x4f0/0x680 [watchdog] [<00000000b2979824>] watchdogregisterdevice+0xd2/0x110 [watchdog] [<000000001f730178>] 0xffffffffc10880ae [<000000007a1a8bcc>] dooneinitcall+0xcb/0x4d0 [<00000000b98be325>] doinitmodule+0x1ca/0x5f0 [<0000000046d08e7c>] loadmodule+0x6133/0x70f0 ... unreferenced object 0xffff888105b9fa80 (size 16): comm ""modprobe"", pid 28147, jiffies 4353426116 (age 61.741s) hex dump (first 16 bytes): 77 61 74 63 68 64 6f 67 31 00 b9 05 81 88 ff ff watchdog1....... backtrace: [<000000007f001ffd>] _kmemcacheallocnode+0x157/0x220 [<00000000486ab89b>] _kmallocnodetrackcaller+0x44/0x1b0 [<000000005a39aab0>] kvasprintf+0xb5/0x140 [<0000000024806f85>] kvasprintfconst+0x55/0x180 [<000000009276cb7f>] kobjectsetnamevargs+0x56/0x150 [<00000000a92e820b>] devsetname+0xab/0xe0 [<00000000cec812c6>] watchdogdevregister+0x285/0x780 [watchdog] [<0000000053c9f248>] _watchdogregisterdevice+0x4f0/0x680 [watchdog] [<00000000b2979824>] watchdogregisterdevice+0xd2/0x110 [watchdog] [<000000001f730178>] 0xffffffffc10880ae [<000000007a1a8bcc>] dooneinitcall+0xcb/0x4d0 [<00000000b98be325>] doinitmodule+0x1ca/0x5f0 [<0000000046d08e7c>] loadmodule+0x6133/0x70f0 ... The reason is that putdevice is not be called if cdevdeviceadd fails and wdd->id != 0. watchdogcdevregister wddata = kzalloc [1] err = devsetname [2] .. err = cdevdeviceadd if (err) { if (wdd->id == 0) { // wdd->id != 0 .. } return err; // [1],[2] would be leaked To fix it, call putdevice in all wdd->id cases.

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.178-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1
5.10.92-1
5.10.92-2
5.10.103-1~bpo10+1
5.10.103-1
5.10.106-1
5.10.113-1
5.10.120-1~bpo10+1
5.10.120-1
5.10.127-1
5.10.127-2~bpo10+1
5.10.127-2
5.10.136-1
5.10.140-1
5.10.148-1
5.10.149-1
5.10.149-2
5.10.158-1
5.10.158-2
5.10.162-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.1.20-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.1.20-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.1.20-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}