PT-2025-40774 · Linux+3 · Linux Kernel+3

Published

2023-06-29

Updated

2025-12-04

CVE-2023-53611

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A memory leak was identified and resolved in the try smi init() function within the ipmi si module of the Linux kernel. The issue occurred when an error happened during handler registration after allocating memory for new smi->si sm, leading to the memory not being freed due to shutdown smi() not being registered yet. The fix involves adding a kfree() call in the error handling path of the try smi init() function. The kmalloc function and the do one initcall function are involved in the call stack.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Leak

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401CWE-404

Related Identifiers

ALSA-2025_16880

BDU:2026-04331

CESA-2024_3138

CVE-2023-53611

RHSA-2024:2394

RHSA-2024:3138

RHSA-2024_2394

RHSA-2024_3138

SUSE-SU-2025:21040-1

SUSE-SU-2025:21052-1

SUSE-SU-2025:21056-1

SUSE-SU-2025:21064-1

SUSE-SU-2025:4057-1

SUSE-SU-2025:4111-1

SUSE-SU-2025:4128-1

SUSE-SU-2025:4132-1

SUSE-SU-2025:4139-1

SUSE-SU-2025:4140-1

SUSE-SU-2025:4141-1

SUSE-SU-2025:4149-1

SUSE-SU-2025:4189-1

SUSE-SU-2025:4301-1

SUSE-SU-2025:4320-1

Affected Products

Centos

Linux Kernel

Red Hat

Suse

PT-2025-40774 · Linux+3 · Linux Kernel+3

CVE-2023-53611

Weakness Enumeration

Related Identifiers

Affected Products

References · 1396