Skip to content

In the Linux kernel, the following vulnerability has been...

Unreviewed Published Sep 18, 2025 to the GitHub Advisory Database • Updated Sep 18, 2025

Package

No package listedSuggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

In the Linux kernel, the following vulnerability has been resolved:

ubifs: Fix memory leak in do_rename

If renaming a file in an encrypted directory, function
fscrypt_setup_filename allocates memory for a file name. This name is
never used, and before returning to the caller the memory for it is not
freed.

When running kmemleak on it we see that it is registered as a leak. The
report below is triggered by a simple program 'rename' that renames a
file in an encrypted directory:

unreferenced object 0xffff888101502840 (size 32):
comm "rename", pid 9404, jiffies 4302582475 (age 435.735s)
backtrace:
__kmem_cache_alloc_node
__kmalloc
fscrypt_setup_filename
do_rename
ubifs_rename
vfs_rename
do_renameat2

To fix this we can remove the call to fscrypt_setup_filename as it's not
needed.

References

Published by the National Vulnerability Database Sep 18, 2025
Published to the GitHub Advisory Database Sep 18, 2025
Last updated Sep 18, 2025

Severity

Unknown

EPSS score

Weaknesses

No CWEs

CVE ID

CVE-2023-53396

GHSA ID

GHSA-427x-59vx-vjwq

Source code

No known source code

Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.

Learn more about GitHub language support

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.