What is the severity of CVE-2023-53136?

CVE-2023-53136 has been classified with a severity level due to a potential risk of memory leaks in the Linux kernel.

How do I fix CVE-2023-53136?

To fix CVE-2023-53136, ensure your Linux kernel is updated to the latest stable version where the vulnerability has been resolved.

What systems are affected by CVE-2023-53136?

CVE-2023-53136 affects various versions of the Linux kernel that utilize the af_unix functionality.

Is CVE-2023-53136 being actively exploited?

As of the latest reports, there is no evidence that CVE-2023-53136 is actively being exploited in the wild.

What are the potential impacts of CVE-2023-53136?

The potential impact of CVE-2023-53136 includes resource leakage leading to increased memory consumption and potential denial of service.

Vulnerability/
CVE-2023-53136

2/5/2025

CVE-2023-53136: af_unix: fix struct pid leaks in OOB support

First published: Fri May 02 2025(Updated: )

In the Linux kernel, the following vulnerability has been resolved: af_unix: fix struct pid leaks in OOB support syzbot reported struct pid leak [1]. Issue is that queue_oob() calls maybe_add_creds() which potentially holds a reference on a pid. But skb->destructor is not set (either directly or by calling unix_scm_to_skb()) This means that subsequent kfree_skb() or consume_skb() would leak this reference. In this fix, I chose to fully support scm even for the OOB message. [1] BUG: memory leak unreferenced object 0xffff8881053e7f80 (size 128): comm "syz-executor242", pid 5066, jiffies 4294946079 (age 13.220s) hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffff812ae26a>] alloc_pid+0x6a/0x560 kernel/pid.c:180 [<ffffffff812718df>] copy_process+0x169f/0x26c0 kernel/fork.c:2285 [<ffffffff81272b37>] kernel_clone+0xf7/0x610 kernel/fork.c:2684 [<ffffffff812730cc>] __do_sys_clone+0x7c/0xb0 kernel/fork.c:2825 [<ffffffff849ad699>] do_syscall_x64 arch/x86/entry/common.c:50 [inline] [<ffffffff849ad699>] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 [<ffffffff84a0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
Linux Kernel

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-53136?
CVE-2023-53136 has been classified with a severity level due to a potential risk of memory leaks in the Linux kernel.
How do I fix CVE-2023-53136?
To fix CVE-2023-53136, ensure your Linux kernel is updated to the latest stable version where the vulnerability has been resolved.
What systems are affected by CVE-2023-53136?
CVE-2023-53136 affects various versions of the Linux kernel that utilize the af_unix functionality.
Is CVE-2023-53136 being actively exploited?
As of the latest reports, there is no evidence that CVE-2023-53136 is actively being exploited in the wild.
What are the potential impacts of CVE-2023-53136?
The potential impact of CVE-2023-53136 includes resource leakage leading to increased memory consumption and potential denial of service.

collector/mitre-cve
source/MITRE
agent/title
agent/references
agent/type
agent/description
agent/first-publish-date
agent/guess-ai
agent/software-canonical-lookup
agent/softwarecombine
collector/nvd-api
source/NVD
agent/author
agent/source
agent/last-modified-date
agent/tags
agent/event
vendor/linux
canonical/linux kernel