In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: fix a memleak in gssimportv2_context
The ctx->mechused.data allocated by kmemdup is not freed in neither gssimportv2context nor it only caller gsskrb5importseccontext, which frees ctx on error.
Thus, this patch reform the last call of gssimportv2context to the gsskrb5importctx_v2, preventing the memleak while keepping the return formation.
{ "vanir_signatures": [ { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e67b652d8e8591d3b1e569dbcdfcee15993e91fa", "signature_type": "Line", "target": { "file": "net/sunrpc/auth_gss/gss_krb5_mech.c" }, "deprecated": false, "digest": { "line_hashes": [ "173506516816324947173723450724157025787", "3034335118138879059068312480021034585", "99919332928848975673383368139348052973", "332317091624075693956511099886703726643", "289683564644458540335370302926211646780", "276807936675439500898209930596972491673", "54216779299783857196709998929477266415", "68532023785045782728477247344711864507" ], "threshold": 0.9 }, "id": "CVE-2023-52653-05de2ac6" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e67b652d8e8591d3b1e569dbcdfcee15993e91fa", "signature_type": "Function", "target": { "function": "gss_import_v2_context", "file": "net/sunrpc/auth_gss/gss_krb5_mech.c" }, "deprecated": false, "digest": { "length": 1767.0, "function_hash": "292519427885456730289565905920180027460" }, "id": "CVE-2023-52653-3be1d878" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d111e30d9cd846bb368faf3637dc0f71fcbcf822", "signature_type": "Line", "target": { "file": "net/sunrpc/auth_gss/gss_krb5_mech.c" }, "deprecated": false, "digest": { "line_hashes": [ "173506516816324947173723450724157025787", "3034335118138879059068312480021034585", "99919332928848975673383368139348052973", "332317091624075693956511099886703726643", "289683564644458540335370302926211646780", "276807936675439500898209930596972491673", "54216779299783857196709998929477266415", "68532023785045782728477247344711864507" ], "threshold": 0.9 }, "id": "CVE-2023-52653-3f4dfdee" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@99044c01ed5329e73651c054d8a4baacdbb1a27c", "signature_type": "Function", "target": { "function": "gss_import_v2_context", "file": "net/sunrpc/auth_gss/gss_krb5_mech.c" }, "deprecated": false, "digest": { "length": 1767.0, "function_hash": "292519427885456730289565905920180027460" }, "id": "CVE-2023-52653-5dcc61a6" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d111e30d9cd846bb368faf3637dc0f71fcbcf822", "signature_type": "Function", "target": { "function": "gss_import_v2_context", "file": "net/sunrpc/auth_gss/gss_krb5_mech.c" }, "deprecated": false, "digest": { "length": 1767.0, "function_hash": "292519427885456730289565905920180027460" }, "id": "CVE-2023-52653-82bea2ee" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@99044c01ed5329e73651c054d8a4baacdbb1a27c", "signature_type": "Line", "target": { "file": "net/sunrpc/auth_gss/gss_krb5_mech.c" }, "deprecated": false, "digest": { "line_hashes": [ "173506516816324947173723450724157025787", "3034335118138879059068312480021034585", "99919332928848975673383368139348052973", "332317091624075693956511099886703726643", "289683564644458540335370302926211646780", "276807936675439500898209930596972491673", "54216779299783857196709998929477266415", "68532023785045782728477247344711864507" ], "threshold": 0.9 }, "id": "CVE-2023-52653-ad272818" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@47ac11db93e74ac49cd6c3fc69bcbc5964c4a8b4", "signature_type": "Line", "target": { "file": "net/sunrpc/auth_gss/gss_krb5_mech.c" }, "deprecated": false, "digest": { "line_hashes": [ "173506516816324947173723450724157025787", "3034335118138879059068312480021034585", "99919332928848975673383368139348052973", "332317091624075693956511099886703726643", "289683564644458540335370302926211646780", "276807936675439500898209930596972491673", "54216779299783857196709998929477266415", "68532023785045782728477247344711864507" ], "threshold": 0.9 }, "id": "CVE-2023-52653-d20eccea" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@47ac11db93e74ac49cd6c3fc69bcbc5964c4a8b4", "signature_type": "Function", "target": { "function": "gss_import_v2_context", "file": "net/sunrpc/auth_gss/gss_krb5_mech.c" }, "deprecated": false, "digest": { "length": 1767.0, "function_hash": "292519427885456730289565905920180027460" }, "id": "CVE-2023-52653-dfd55def" } ] }