CVE-2023-53602

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A memory leak exists in the ath11k driver related to WMI firmware statistics. Memory allocated for firmware pdev, vdev, and beacon statistics is not released during module removal. The issue is resolved by calling the ath11k fw stats free() function before hardware unregistration. Additionally, the fix avoids calling ath11k fw stats free() while processing firmware stats received in the WMI event to prevent issues with list splicing and reinitialization.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

ALSA-2025_16880

CESA-2023_7077

CVE-2023-53602

RHSA-2023:6583

RHSA-2023:7077

RHSA-2023_6583

RHSA-2023_7077

SUSE-SU-2025:21040-1

SUSE-SU-2025:21052-1

SUSE-SU-2025:21056-1

SUSE-SU-2025:21064-1

SUSE-SU-2025:4057-1

SUSE-SU-2025:4128-1

SUSE-SU-2025:4132-1

SUSE-SU-2025:4140-1

SUSE-SU-2025:4141-1

SUSE-SU-2025:4301-1

Affected Products

Centos

Debian

Linux Kernel

Red Hat

Suse

Ath11K

CVE-2023-53602

Weakness Enumeration

Related Identifiers

Affected Products

References · 1015