vulnerability

Red Hat: CVE-2023-52653: kernel: SUNRPC: fix a memleak in gss_import_v2_context (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:S/C:N/I:N/A:C)	05/01/2024	08/12/2024	04/03/2025

Severity

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

05/01/2024

Added

08/12/2024

Modified

04/03/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

SUNRPC: fix a memleak in gss_import_v2_context

The ctx->mech_used.data allocated by kmemdup is not freed in neither
gss_import_v2_context nor it only caller gss_krb5_import_sec_context,
which frees ctx on error.

Thus, this patch reform the last call of gss_import_v2_context to the
gss_krb5_import_ctx_v2, preventing the memleak while keepping the return
formation.

Solution(s)

redhat-upgrade-kernelredhat-upgrade-kernel-rt

References

NVD-CVE-2023-52653
REDHAT-RHSA-2024:5101
REDHAT-RHSA-2024:5102
REDHAT-RHSA-2025:3510

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today