SB2025050313 - Memory leak in Linux kernel net usb driver
Published: May 3, 2025 Updated: May 10, 2025
Security Bulletin ID
SB2025050313
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2023-53125)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the smsc75xx_rx_fixup() function in drivers/net/usb/smsc75xx.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/105db6574281e1e03fcbf87983f4fee111682306
- https://git.kernel.org/stable/c/4a4de0a68b18485c68ab4f0cfa665b1633c6d277
- https://git.kernel.org/stable/c/53966d572d056d6b234cfe76a5f9d60049d3c178
- https://git.kernel.org/stable/c/8ee5df9c039e37b9d8eb5e3de08bfb7f53d31cb6
- https://git.kernel.org/stable/c/9fabdd79051a9fe51388df099aff6e4b660fedd2
- https://git.kernel.org/stable/c/c7bdc137ca163b90917c1eeba4f1937684bd4f8b
- https://git.kernel.org/stable/c/d8b228318935044dafe3a5bc07ee71a1f1424b8d
- https://git.kernel.org/stable/c/e294f0aa47e4844f3d3c8766c02accd5a76a7d4e
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.176