CVE-2023-53396
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 18/09/2025
Last modified: 19/09/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

ubifs: Fix memory leak in do_rename

If renaming a file in an encrypted directory, function
fscrypt_setup_filename allocates memory for a file name. This name is
never used, and before returning to the caller the memory for it is not
freed.

When running kmemleak on it we see that it is registered as a leak. The
report below is triggered by a simple program 'rename' that renames a
file in an encrypted directory:

unreferenced object 0xffff888101502840 (size 32):
  comm "rename", pid 9404, jiffies 4302582475 (age 435.735s)
  backtrace:
    __kmem_cache_alloc_node
    __kmalloc
    fscrypt_setup_filename
    do_rename
    ubifs_rename
    vfs_rename
    do_renameat2

To fix this we can remove the call to fscrypt_setup_filename as it's not
needed.
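
Added example (not part of the advisory or the kernel commit): Python that parses kmemleak records and flags those whose backtrace shows fscrypt_setup_filename called directly from do_rename, so a test system can be checked for this leak before and after applying the fix. The function names parse_kmemleak and matches_ubifs_rename_leak are hypothetical, the sample text is constructed from the report quoted above, and the parser also accepts the address-prefixed frame form that fuller kmemleak output uses.

```python
import re

# Constructed sample: the report quoted in the description, with indentation restored.
SAMPLE_REPORT = '''\
unreferenced object 0xffff888101502840 (size 32):
  comm "rename", pid 9404, jiffies 4302582475 (age 435.735s)
  backtrace:
    __kmem_cache_alloc_node
    __kmalloc
    fscrypt_setup_filename
    do_rename
    ubifs_rename
    vfs_rename
    do_renameat2
'''

HEADER = re.compile(r"unreferenced object (0x[0-9a-f]+) \(size (\d+)\):")
COMM = re.compile(r'comm "([^"]*)", pid (\d+)')
# A frame is a bare symbol (as on this page) or "[<addr>] symbol+0xoff/0xlen".
FRAME = re.compile(r"^(?:\[<[^>]*>\]\s*)?([A-Za-z_][\w.]*)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)?")

def parse_kmemleak(text):
    """Return one dict per 'unreferenced object' record in a kmemleak report."""
    records, current, in_trace = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = {"addr": m.group(1), "size": int(m.group(2)),
                       "comm": None, "pid": None, "backtrace": []}
            records.append(current)
            in_trace = False
        elif current is None or not line:
            continue
        elif (c := COMM.match(line)):
            current["comm"], current["pid"] = c.group(1), int(c.group(2))
        elif line.startswith("backtrace") and line.endswith(":"):
            in_trace = True
        elif in_trace and (f := FRAME.match(line)):
            # Lines before "backtrace:" (e.g. a hex dump) are skipped.
            current["backtrace"].append(f.group(1))
    return records

def matches_ubifs_rename_leak(record):
    """True when fscrypt_setup_filename is called directly from do_rename."""
    bt = record["backtrace"]
    return any(a == "fscrypt_setup_filename" and b == "do_rename"
               for a, b in zip(bt, bt[1:]))
```
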
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/3a36d20e012903f45714df2731261fdefac900cb
- https://git.kernel.org/stable/c/43b2f7d690697182beed6f71aa57b7249d3cfc9c
- https://git.kernel.org/stable/c/517ddc0259d7a7231486bdafde8035c478bc4088
- https://git.kernel.org/stable/c/7e264f67b7d6580eff5c2696961039fd05c69258
- https://git.kernel.org/stable/c/9f565752b328fe53c9e42b7d4e4d89a1da63d738