THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)

Ok

PUBLISHED

CVE-2023-52653

SUNRPC: fix a memleak in gss_import_v2_context

Reserved:2024-03-06
Published:2024-05-01
Updated:2024-06-06

Description

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix a memleak in gss_import_v2_context The ctx->mech_used.data allocated by kmemdup is not freed in neither gss_import_v2_context nor it only caller gss_krb5_import_sec_context, which frees ctx on error. Thus, this patch reform the last call of gss_import_v2_context to the gss_krb5_import_ctx_v2, preventing the memleak while keepping the return formation.

Product status

Default status
unaffected

47d848077629 before 99044c01ed53
affected

47d848077629 before 47ac11db93e7
affected

47d848077629 before d111e30d9cd8
affected

47d848077629 before e67b652d8e85
affected

Default status
affected

2.6.35
affected

Any version before 2.6.35
unaffected

6.6.23
unaffected

6.7.11
unaffected

6.8.2
unaffected

6.9
unaffected

References

https://git.kernel.org/stable/c/99044c01ed5329e73651c054d8a4baacdbb1a27c

https://git.kernel.org/stable/c/47ac11db93e74ac49cd6c3fc69bcbc5964c4a8b4

https://git.kernel.org/stable/c/d111e30d9cd846bb368faf3637dc0f71fcbcf822

https://git.kernel.org/stable/c/e67b652d8e8591d3b1e569dbcdfcee15993e91fa

cve.org CVE-2023-52653

nvd.nist.gov CVE-2023-52653

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2023-52653