CVE-2023-53611— ipmi_si: fix a memleak in try_smi_init()
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-53611
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ipmi_si: fix a memleak in try_smi_init()
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: ipmi_si: fix a memleak in try_smi_init() Kmemleak reported the following leak info in try_smi_init(): unreferenced object 0xffff00018ecf9400 (size 1024): comm "modprobe", pid 2707763, jiffies 4300851415 (age 773.308s) backtrace: [<000000004ca5b312>] __kmalloc+0x4b8/0x7b0 [<00000000953b1072>] try_smi_init+0x148/0x5dc [ipmi_si] [<000000006460d325>] 0xffff800081b10148 [<0000000039206ea5>] do_one_initcall+0x64/0x2a4 [<00000000601399ce>] do_init_module+0x50/0x300 [<000000003c12ba3c>] load_module+0x7a8/0x9e0 [<00000000c246fffe>] __se_sys_init_module+0x104/0x180 [<00000000eea99093>] __arm64_sys_init_module+0x24/0x30 [<0000000021b1ef87>] el0_svc_common.constprop.0+0x94/0x250 [<0000000070f4f8b7>] do_el0_svc+0x48/0xe0 [<000000005a05337f>] el0_svc+0x24/0x3c [<000000005eb248d6>] el0_sync_handler+0x160/0x164 [<0000000030a59039>] el0_sync+0x160/0x180 The problem was that when an error occurred before handlers registration and after allocating `new_smi->si_sm`, the variable wouldn't be freed in the error handling afterwards since `shutdown_smi()` hadn't been registered yet. Fix it by adding a `kfree()` in the error handling path in `try_smi_init()`.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于try_smi_init函数存在内存泄漏。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2023-53611
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-53611
请登录查看更多情报信息。
Same Patch Batch · Linux · 2025-10-04 · 144 CVEs total
| CVE-2025-39946 | 9.8 CRITICAL | tls: make sure to abort the stream if headers are bogus |
| CVE-2022-50489 | drm/mipi-dsi: Detach devices when removing the host | |
| CVE-2023-53580 | USB: Gadget: core: Help prevent panic during UVC unconfigure | |
| CVE-2022-50507 | fs/ntfs3: Validate data run offset | |
| CVE-2022-50508 | wifi: mt76: mt76x0: fix oob access in mt76x0_phy_get_target_power | |
| CVE-2022-50506 | drbd: only clone bio if we have a backing device | |
| CVE-2022-50504 | powerpc/rtas: avoid scheduling in rtas_os_term() | |
| CVE-2022-50505 | iommu/amd: Fix pci device refcount leak in ppr_notifier() | |
| CVE-2022-50503 | mtd: lpddr2_nvm: Fix possible null-ptr-deref | |
| CVE-2022-50501 | media: coda: Add check for dcoda_iram_alloc | |
| CVE-2022-50500 | netdevsim: fix memory leak in nsim_drv_probe() when nsim_dev_resources_register() failed | |
| CVE-2022-50499 | media: dvb-core: Fix double free in dvb_register_device() | |
| CVE-2022-50497 | binfmt_misc: fix shift-out-of-bounds in check_special_flags | |
| CVE-2022-50498 | eth: alx: take rtnl_lock on resume | |
| CVE-2022-50496 | dm cache: Fix UAF in destroy() | |
| CVE-2022-50494 | thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash | |
| CVE-2022-50493 | scsi: qla2xxx: Fix crash when I/O abort times out | |
| CVE-2022-50492 | drm/msm: fix use-after-free on probe deferral | |
| CVE-2022-50490 | bpf: Propagate error from htab_lock_bucket() to userspace | |
| CVE-2023-53570 | wifi: nl80211: fix integer overflow in nl80211_parse_mbssid_elems() |
Showing top 20 of 144 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
Same vendor: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
V. Comments for CVE-2023-53611
No comments yet