CVE-2023-53181
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-53181
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53181.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-53181
- Downstream
- Related
- Published
- 2025-09-15T14:04:32Z
- Modified
- 2025-10-15T05:55:32.058276Z
- Summary
- dma-buf/dma-resv: Stop leaking on krealloc() failure
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
dma-buf/dma-resv: Stop leaking on krealloc() failure
Currently dmaresvgetfences() will leak the previously allocated array if the fence iteration got restarted and the kreallocarray() fails.
Free the old array by hand, and make sure we still clear the returned *fences so the caller won't end up accessing freed memory. Some (but not all) of the callers of dmaresvgetfences() seem to still trawl through the array even when dmaresvgetfences() failed. And let's zero out *num_fences as well for good measure.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd3c80698c9f58a0683badf78793eebaa0c71afbdFixed19e7b9f1f7e1cb92a4cc53b4c064f7fb4b1f1983
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd3c80698c9f58a0683badf78793eebaa0c71afbdFixed819656cc03dec7f7f7800274dfbc8eb49f888e9f
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd3c80698c9f58a0683badf78793eebaa0c71afbdFixed05abb3be91d8788328231ee02973ab3d47f5e3d2
Affected versions
v5.*
v5.15
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.5
v6.1.6
v6.1.7
v6.1.8
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.4.1
v6.4.2
v6.4.3
v6.4.4
v6.4.5
v6.4.6
v6.5-rc1
Database specific
{
"vanir_signatures": [
{
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "drivers/dma-buf/dma-resv.c",
"function": "dma_resv_get_fences"
},
"signature_version": "v1",
"digest": {
"length": 605.0,
"function_hash": "156492106239727701739928683099522473518"
},
"id": "CVE-2023-53181-0063df68",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@05abb3be91d8788328231ee02973ab3d47f5e3d2"
},
{
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "drivers/dma-buf/dma-resv.c"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"217519021540712100480791986335717191264",
"128742270580323602259258180975464069321",
"336182759583220440578706912712026988329",
"71294354548981674930064285507999956274",
"216399413338972364509352577791932376329",
"215298313851397293358727487454954010666",
"319212981479384136679493776051656338707",
"100093276184667221098876498987095020491",
"253249948697840369899460959870932591547",
"150444377400003713431658298210231585878",
"834906256950465014843450315035921228",
"28951727050832737085344834538150440544",
"19216561765939985830384061792567134957",
"302294126381700270599360106992760199208"
],
"threshold": 0.9
},
"id": "CVE-2023-53181-1132e2f4",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@19e7b9f1f7e1cb92a4cc53b4c064f7fb4b1f1983"
},
{
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "drivers/dma-buf/dma-resv.c",
"function": "dma_resv_get_fences"
},
"signature_version": "v1",
"digest": {
"length": 605.0,
"function_hash": "156492106239727701739928683099522473518"
},
"id": "CVE-2023-53181-373d4d47",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@819656cc03dec7f7f7800274dfbc8eb49f888e9f"
},
{
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "drivers/dma-buf/dma-resv.c"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"217519021540712100480791986335717191264",
"128742270580323602259258180975464069321",
"336182759583220440578706912712026988329",
"71294354548981674930064285507999956274",
"216399413338972364509352577791932376329",
"215298313851397293358727487454954010666",
"319212981479384136679493776051656338707",
"100093276184667221098876498987095020491",
"253249948697840369899460959870932591547",
"150444377400003713431658298210231585878",
"834906256950465014843450315035921228",
"28951727050832737085344834538150440544",
"19216561765939985830384061792567134957",
"302294126381700270599360106992760199208"
],
"threshold": 0.9
},
"id": "CVE-2023-53181-6d94596a",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@819656cc03dec7f7f7800274dfbc8eb49f888e9f"
},
{
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "drivers/dma-buf/dma-resv.c"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"217519021540712100480791986335717191264",
"128742270580323602259258180975464069321",
"336182759583220440578706912712026988329",
"71294354548981674930064285507999956274",
"216399413338972364509352577791932376329",
"215298313851397293358727487454954010666",
"319212981479384136679493776051656338707",
"100093276184667221098876498987095020491",
"253249948697840369899460959870932591547",
"150444377400003713431658298210231585878",
"834906256950465014843450315035921228",
"28951727050832737085344834538150440544",
"19216561765939985830384061792567134957",
"302294126381700270599360106992760199208"
],
"threshold": 0.9
},
"id": "CVE-2023-53181-7961aaf4",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@05abb3be91d8788328231ee02973ab3d47f5e3d2"
},
{
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "drivers/dma-buf/dma-resv.c",
"function": "dma_resv_get_fences"
},
"signature_version": "v1",
"digest": {
"length": 605.0,
"function_hash": "156492106239727701739928683099522473518"
},
"id": "CVE-2023-53181-bd8c7855",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@19e7b9f1f7e1cb92a4cc53b4c064f7fb4b1f1983"
}
]
}