SB2025050317 - Memory leak in Linux kernel usb dwc2 driver
Published: May 3, 2025 Updated: May 10, 2025
Security Bulletin ID
SB2025050317
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2023-53054)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dwc2_get_dr_mode(), __dwc2_lowlevel_hw_enable() and __dwc2_lowlevel_hw_disable() functions in drivers/usb/dwc2/platform.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1f01027c51eb16145e8e07fafea3ca07ef102d06
- https://git.kernel.org/stable/c/6485fc381b6528b6f547ee1ff10bdbcbe31a6e4c
- https://git.kernel.org/stable/c/cba76e1fb896b573f09f51aa299223276a77bc90
- https://git.kernel.org/stable/c/f747313249b74f323ddf841a9c8db14d989f296a
- https://git.kernel.org/stable/c/ffb8ab6f87bd28d700ab5c20d9d3a7e75067630d
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.22