SB2025091647 - Memory leak in Linux kernel bpf
Published: September 16, 2025
Updated: September 22, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2023-53221)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the bpf_trampoline_get_progs() and bpf_trampoline_update() functions in kernel/bpf/trampoline.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/108598c39eefbedc9882273ac0df96127a629220
- https://git.kernel.org/stable/c/20109ddd5bea2c24d790debf5d02584ef24c3f5e
- https://git.kernel.org/stable/c/6aa27775db63ba8c7c73891c7dfb71ddc230c48d
- https://git.kernel.org/stable/c/f72c67d1a82dada7d6d504c806e111e913721a30
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.13