AZL-59595

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-59595.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-59595

Upstream

CVE-2023-52653

Published

2024-05-01T13:15:48Z

Modified

2026-04-01T05:19:30.756654Z

Summary

CVE-2023-52653 affecting package kernel 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

SUNRPC: fix a memleak in gssimportv2_context

The ctx->mechused.data allocated by kmemdup is not freed in neither gssimportv2context nor it only caller gsskrb5importseccontext, which frees ctx on error.

Thus, this patch reform the last call of gssimportv2context to the gsskrb5importctx_v2, preventing the memleak while keepping the return formation.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-52653

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-59595.json"