PT-2024-14680 · Linux+8 · Linux Kernel+8

Published

2023-12-24

·

Updated

2026-05-26

·

CVE-2023-52653

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A memory leak has been resolved in the Linux kernel, specifically in the SUNRPC component. The issue occurred because the ctx->mech used.data allocated by kmemdup was not freed in either gss import v2 context or its only caller gss krb5 import sec context, which frees ctx on error. The patch reforms the last call of gss import v2 context to gss krb5 import ctx v2, preventing the memory leak while keeping the return formation.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

ALSA-2024:5101
ALSA-2024:5102
ALSA-2025_16880
AZL-59595
BDU:2025-14292
CESA-2024_5101
CESA-2024_5102
CVE-2023-52653
ECHO-BF76-E71C-0EBC
INFSA-2024_5101
INFSA-2024_5102
OESA-2024-1677
OESA-2024-1678
OESA-2024-1682
RHSA-2024:5101
RHSA-2024:5102
RHSA-2024_5101
RHSA-2024_5102
RHSA-2025:3510
RLSA-2024:5101
RLSA-2024:5102
RXSA-2024:5101
SUSE-SU-2024:1643-1
SUSE-SU-2024:1646-1
SUSE-SU-2024:1870-1
SUSE-SU-2024:1983-1
SUSE-SU-2024:2008-1
SUSE-SU-2024:2019-1
SUSE-SU-2024:2135-1
SUSE-SU-2024:2184-1
SUSE-SU-2024:2190-1
SUSE-SU-2024:2203-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:0834-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20249-1
SUSE-SU-2025_0834-1
USN-6816-1
USN-6817-1
USN-6817-2
USN-6817-3
USN-6878-1

Affected Products

Almalinux
Centos
Debian
Linuxmint
Linux Kernel
Red Hat
Rocky Linux
Suse
Ubuntu