{
  "threat_severity" : "Low",
  "public_date" : "2025-10-07T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: clk: Fix memory leak in devm_clk_notifier_register()",
    "id" : "2402263",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2402263"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nclk: Fix memory leak in devm_clk_notifier_register()\ndevm_clk_notifier_register() allocates a devres resource for clk\nnotifier but didn't register that to the device, so the notifier didn't\nget unregistered on device detach and the allocated resource was leaked.\nFix the issue by registering the resource through devres_add().\nThis issue was found with kmemleak on a Chromebook.", "A resource-management flaw was found in the Linux kernel Common Clock Framework. The device-managed clock notifier registration function failed to register its allocated resource, preventing cleanup on device detach. \nA local user repeatedly binding and unbinding devices could cause memory leaks and eventual denial of service." ],
  "statement" : "The device-managed notifier helper allocated memory but did not register it with the device’s resource list, leaving it unreleased at teardown. The fix registers the resource through the device manager so it is automatically freed when the device is removed.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-11-12T00:00:00Z",
    "advisory" : "RHSA-2024:9315",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-503.11.1.el9_5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-11-12T00:00:00Z",
    "advisory" : "RHSA-2024:9315",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-503.11.1.el9_5"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53674\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53674\nhttps://lore.kernel.org/linux-cve-announce/2025100706-CVE-2023-53674-af85@gregkh/T" ],
  "name" : "CVE-2023-53674",
  "mitigation" : {
    "value" : "To mitigate this issue, prevent module clk from being loaded.\nPlease see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
    "lang" : "en:us"
  },
  "csaw" : false
}