vulnerability

Red Hat: CVE-2023-52653: kernel: SUNRPC: fix a memleak in gss_import_v2_context (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:S/C:N/I:N/A:C)	May 1, 2024	Aug 12, 2024	Mar 27, 2026

Severity

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

May 1, 2024

Added

Aug 12, 2024

Modified

Mar 27, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

SUNRPC: fix a memleak in gss_import_v2_context

The ctx->mech_used.data allocated by kmemdup is not freed in neither
gss_import_v2_context nor it only caller gss_krb5_import_sec_context,
which frees ctx on error.

Thus, this patch reform the last call of gss_import_v2_context to the
gss_krb5_import_ctx_v2, preventing the memleak while keepping the return
formation.

Solutions

redhat-upgrade-kernelredhat-upgrade-kernel-rt

References

CWE-401
EUVD-EUVD-2023-57277
NVD-CVE-2023-52653
REDHAT-RHSA-2024:5101
REDHAT-RHSA-2024:5102
REDHAT-RHSA-2025:3510
https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-57277

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report