CVE-2023-53594

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A resource leak exists within the driver core, specifically in the device add() function. When kobject add() fails during the device add() process, the cleanup glue dir() function is called to free resources. However, the dev->kobj.parent is set to NULL before this call, leading to a resource leak. This issue can manifest as an inability to load modules, such as mac80211 hwsim.ko, and results in an error message indicating a duplicate filename in the sysfs directory. The process involves calls to get device parent(), class dir create and add(), kobject add(), and device add().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Leak

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401CWE-121

Related Identifiers

ALSA-2025_16880

BDU:2026-04438

CESA-2023_7077

CVE-2023-53594

OESA-2026-1341

RHSA-2023:6583

RHSA-2023:7077

RHSA-2023_6583

RHSA-2023_7077

SUSE-SU-2025:4111-1

SUSE-SU-2025:4139-1

SUSE-SU-2025:4149-1

SUSE-SU-2025:4189-1

SUSE-SU-2025:4320-1

Affected Products

Centos

Debian

Linux Kernel

Red Hat

Suse

Mac80211 Hwsim.Ko

CVE-2023-53594

Weakness Enumeration

Related Identifiers

Affected Products

References · 676