CVE-2023-53746
s390/vfio-ap: fix memory leak in vfio_ap device driver
Description
In the Linux kernel, the following vulnerability has been resolved: s390/vfio-ap: fix memory leak in vfio_ap device driver The device release callback function invoked to release the matrix device uses the dev_get_drvdata(device *dev) function to retrieve the pointer to the vfio_matrix_dev object in order to free its storage. The problem is, this object is not stored as drvdata with the device; since the kfree function will accept a NULL pointer, the memory for the vfio_matrix_dev object is never freed. Since the device being released is contained within the vfio_matrix_dev object, the container_of macro will be used to retrieve its pointer.
INFO
Published Date :
Dec. 8, 2025, 2:15 a.m.
Last Modified :
Dec. 8, 2025, 2:15 a.m.
Remotely Exploit :
No
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Solution
- Apply the kernel patch for s390/vfio-ap memory leak.
- Ensure the vfio_matrix_dev object is correctly freed.
- Verify the fix using dev_get_drvdata.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2023-53746.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2023-53746 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2023-53746
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2023-53746 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2023-53746 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Dec. 08, 2025
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: s390/vfio-ap: fix memory leak in vfio_ap device driver The device release callback function invoked to release the matrix device uses the dev_get_drvdata(device *dev) function to retrieve the pointer to the vfio_matrix_dev object in order to free its storage. The problem is, this object is not stored as drvdata with the device; since the kfree function will accept a NULL pointer, the memory for the vfio_matrix_dev object is never freed. Since the device being released is contained within the vfio_matrix_dev object, the container_of macro will be used to retrieve its pointer. Added Reference https://git.kernel.org/stable/c/5195de1d5f66b276683240a896783f7f43c4f664 Added Reference https://git.kernel.org/stable/c/6a40fda14b4be3e38f03cc42ffd4efbc64fb3e67 Added Reference https://git.kernel.org/stable/c/7b6a02f5bf15931464c79dfd487c57f76aae3496 Added Reference https://git.kernel.org/stable/c/8f8cf767589f2131ae5d40f3758429095c701c84 Added Reference https://git.kernel.org/stable/c/aa2bff25e9bb10c935c7ffe3d5f5975bdccb1749 Added Reference https://git.kernel.org/stable/c/ee17dea3072dec0bc34399a32fa884e26342e4ea