Memory Leak in Linux Kernel USB Gadget for lpc32xx_udc
CVE-2023-53418

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 18 September 2025

What is CVE-2023-53418?

A memory leak vulnerability exists in the Linux kernel USB gadget specifically for lpc32xx_udc. This issue arises when the debugfs_lookup() function is called without the accompanying dput() function, which should be invoked to prevent memory allocation issues. Over time, failure to address this can lead to increased memory usage and potential performance degradation. Developers are advised to use debugfs_lookup_and_remove() instead, as it incorporates necessary logic to manage memory correctly.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 036ada6ca9eea926abc0b0ef550b10488d66d4d8

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 7a5fdd8660174a8056de57d1fdce3a7e9f77f60e

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 72c25eb9ae4993ccac4821354ff34eb1f32e4781

References

https://git.kernel.org/stable/c/036ada6ca9eea926abc0b0ef5...

https://git.kernel.org/stable/c/7a5fdd8660174a8056de57d1f...

https://git.kernel.org/stable/c/72c25eb9ae4993ccac4821354...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 18, 2025
Vulnerability Reserved
Sep 17, 2025