{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-53271", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-09-16T08:05:12.516Z", "datePublished": "2025-09-16T08:07:00.565Z", "dateUpdated": "2026-05-11T19:41:41.656Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T19:41:41.656Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume()\n\nThere is a memory leaks problem reported by kmemleak:\n\nunreferenced object 0xffff888102007a00 (size 128):\n comm \"ubirsvol\", pid 32090, jiffies 4298464136 (age 2361.231s)\n hex dump (first 32 bytes):\nff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................\nff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................\n backtrace:\n[<ffffffff8176cecd>] __kmalloc+0x4d/0x150\n[<ffffffffa02a9a36>] ubi_eba_create_table+0x76/0x170 [ubi]\n[<ffffffffa029764e>] ubi_resize_volume+0x1be/0xbc0 [ubi]\n[<ffffffffa02a3321>] ubi_cdev_ioctl+0x701/0x1850 [ubi]\n[<ffffffff81975d2d>] __x64_sys_ioctl+0x11d/0x170\n[<ffffffff83c142a5>] do_syscall_64+0x35/0x80\n[<ffffffff83e0006a>] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThis is due to a mismatch between create and destroy interfaces, and\nin detail that \"new_eba_tbl\" created by ubi_eba_create_table() but\ndestroyed by kfree(), while will causing \"new_eba_tbl->entries\" not\nfreed.\n\nFix it by replacing kfree(new_eba_tbl) with\nubi_eba_destroy_table(new_eba_tbl)"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/mtd/ubi/vmt.c"], "versions": [{"version": "799dca34ac543485f581bd8464ec9b1c4f0f852a", "lessThan": "09780a44093b53f9cbca76246af2e4ff0884e512", "status": "affected", "versionType": "git"}, {"version": "799dca34ac543485f581bd8464ec9b1c4f0f852a", "lessThan": "26ec2d66aecab8ff997b912c20247fedba4f5740", "status": "affected", "versionType": "git"}, {"version": "799dca34ac543485f581bd8464ec9b1c4f0f852a", "lessThan": "07b60f7452d2fa731737552937cb81821919f874", "status": "affected", "versionType": "git"}, {"version": "799dca34ac543485f581bd8464ec9b1c4f0f852a", "lessThan": "31d60afe2cc2b712dbefcaab6b7d6a47036f844e", "status": "affected", "versionType": "git"}, {"version": "799dca34ac543485f581bd8464ec9b1c4f0f852a", "lessThan": "95a72417dd13ebcdcb1bd0c5d4d15f7c5bfbb288", "status": "affected", "versionType": "git"}, {"version": "799dca34ac543485f581bd8464ec9b1c4f0f852a", "lessThan": "27b760b81951d8d5e5c952a696af8574052b0709", "status": "affected", "versionType": "git"}, {"version": "799dca34ac543485f581bd8464ec9b1c4f0f852a", "lessThan": "5c0c81a313492b83bd0c038b8839b0e04eb87563", "status": "affected", "versionType": "git"}, {"version": "799dca34ac543485f581bd8464ec9b1c4f0f852a", "lessThan": "1e591ea072df7211f64542a09482b5f81cb3ad27", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/mtd/ubi/vmt.c"], "versions": [{"version": "4.9", "status": "affected"}, {"version": "0", "lessThan": "4.9", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.308", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.276", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.235", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.173", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.100", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.18", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2.5", "lessThanOrEqual": "6.2.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9", "versionEndExcluding": "4.14.308"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9", "versionEndExcluding": "4.19.276"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9", "versionEndExcluding": "5.4.235"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9", "versionEndExcluding": "5.10.173"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9", "versionEndExcluding": "5.15.100"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9", "versionEndExcluding": "6.1.18"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9", "versionEndExcluding": "6.2.5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9", "versionEndExcluding": "6.3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/09780a44093b53f9cbca76246af2e4ff0884e512"}, {"url": "https://git.kernel.org/stable/c/26ec2d66aecab8ff997b912c20247fedba4f5740"}, {"url": "https://git.kernel.org/stable/c/07b60f7452d2fa731737552937cb81821919f874"}, {"url": "https://git.kernel.org/stable/c/31d60afe2cc2b712dbefcaab6b7d6a47036f844e"}, {"url": "https://git.kernel.org/stable/c/95a72417dd13ebcdcb1bd0c5d4d15f7c5bfbb288"}, {"url": "https://git.kernel.org/stable/c/27b760b81951d8d5e5c952a696af8574052b0709"}, {"url": "https://git.kernel.org/stable/c/5c0c81a313492b83bd0c038b8839b0e04eb87563"}, {"url": "https://git.kernel.org/stable/c/1e591ea072df7211f64542a09482b5f81cb3ad27"}], "title": "ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume()", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-53271", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-14T18:05:38.759947Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-401", "description": "CWE-401 Missing Release of Memory after Effective Lifetime"}]}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-14T18:12:53.436Z"}}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7292C460-000B-4120-B05D-5672751A14E4", "versionEndExcluding": "4.14.308", "versionStartIncluding": "4.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C902FC54-DDBD-4DA6-BFEF-26889A267464", "versionEndExcluding": "4.19.276", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "13DD5E68-8CB4-46EE-9A8F-C7F6C1A84430", "versionEndExcluding": "5.4.235", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D810CFB-B7C5-493C-B98A-0D5F0D8A47B6", "versionEndExcluding": "5.10.173", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D7E5BB5-018B-46B7-A2C4-1ADB75099822", "versionEndExcluding": "5.15.100", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8D24FD5-5A98-4042-9419-39DCFCBEFFF5", "versionEndExcluding": "6.1.18", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0575B33B-A320-4E51-84CA-10C937341E02", "versionEndExcluding": "6.2.5", "versionStartIncluding": "6.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume()\n\nThere is a memory leaks problem reported by kmemleak:\n\nunreferenced object 0xffff888102007a00 (size 128):\n comm \"ubirsvol\", pid 32090, jiffies 4298464136 (age 2361.231s)\n hex dump (first 32 bytes):\nff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................\nff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................\n backtrace:\n[<ffffffff8176cecd>] __kmalloc+0x4d/0x150\n[<ffffffffa02a9a36>] ubi_eba_create_table+0x76/0x170 [ubi]\n[<ffffffffa029764e>] ubi_resize_volume+0x1be/0xbc0 [ubi]\n[<ffffffffa02a3321>] ubi_cdev_ioctl+0x701/0x1850 [ubi]\n[<ffffffff81975d2d>] __x64_sys_ioctl+0x11d/0x170\n[<ffffffff83c142a5>] do_syscall_64+0x35/0x80\n[<ffffffff83e0006a>] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThis is due to a mismatch between create and destroy interfaces, and\nin detail that \"new_eba_tbl\" created by ubi_eba_create_table() but\ndestroyed by kfree(), while will causing \"new_eba_tbl->entries\" not\nfreed.\n\nFix it by replacing kfree(new_eba_tbl) with\nubi_eba_destroy_table(new_eba_tbl)"}], "id": "CVE-2023-53271", "lastModified": "2026-01-14T19:16:18.013", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-09-16T08:15:35.900", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/07b60f7452d2fa731737552937cb81821919f874"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/09780a44093b53f9cbca76246af2e4ff0884e512"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1e591ea072df7211f64542a09482b5f81cb3ad27"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/26ec2d66aecab8ff997b912c20247fedba4f5740"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/27b760b81951d8d5e5c952a696af8574052b0709"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/31d60afe2cc2b712dbefcaab6b7d6a47036f844e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5c0c81a313492b83bd0c038b8839b0e04eb87563"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/95a72417dd13ebcdcb1bd0c5d4d15f7c5bfbb288"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-401"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "kernel: ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume()", "id": "2395667", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395667"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2023-53271", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-09-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-53271\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53271\nhttps://lore.kernel.org/linux-cve-announce/2025091603-CVE-2023-53271-5054@gregkh/T"], "threat_severity": "Low"}

{"created": "2025-09-17T10:05:10.706601+00:00", "updated": "2025-09-17T10:05:10.706635+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}