CVE-2023-53261 in Linux

Summary

by MITRE • 09/15/2025

In the Linux kernel, the following vulnerability has been resolved:

coresight: Fix memory leak in acpi_buffer->pointer

There are memory leaks reported by kmemleak:
...
unreferenced object 0xffff00213c141000 (size 1024):
  comm "systemd-udevd", pid 2123, jiffies 4294909467 (age 6062.160s)
  hex dump (first 32 bytes):
    04 00 00 00 02 00 00 00 18 10 14 3c 21 00 ff ff  ...........<!...
    00 00 00 00 00 00 00 00 03 00 00 00 10 00 00 00  ................
  backtrace:
    [<000000004b7c9001>] __kmem_cache_alloc_node+0x2f8/0x348
    [<00000000b0fc7ceb>] __kmalloc+0x58/0x108
    [<0000000064ff4695>] acpi_os_allocate+0x2c/0x68
    [<000000007d57d116>] acpi_ut_initialize_buffer+0x54/0xe0
    [<0000000024583908>] acpi_evaluate_object+0x388/0x438
    [<0000000017b2e72b>] acpi_evaluate_object_typed+0xe8/0x240
    [<000000005df0eac2>] coresight_get_platform_data+0x1b4/0x988 [coresight]
    ...

The ACPI buffer memory (buf.pointer) should be freed. But the buffer is also used after returning from acpi_get_dsd_graph(). Move the temporary variable buf to acpi_coresight_parse_graph(), and free it before the function returns to prevent the memory leak.


Analysis

by VulDB Data Team • 01/11/2026

The vulnerability CVE-2023-53261 represents a memory leak in the Linux kernel's coresight subsystem that occurs during ACPI buffer handling. This issue specifically affects the acpi_buffer->pointer management within the coresight platform data retrieval mechanism. The memory leak manifests when the kernel fails to properly release allocated memory resources after processing ACPI device tree structures, creating unreferenced memory objects that persist in the system. The kmemleak subsystem detected this issue by identifying an unreferenced object of 1024 bytes with a backtrace showing the allocation path through acpi_os_allocate and acpi_ut_initialize_buffer functions. This memory leak is particularly concerning as it occurs during system initialization processes handled by systemd-udevd, indicating potential impacts on system stability and resource consumption over time.

The technical flaw stems from improper memory management within the coresight subsystem where temporary ACPI buffer structures are allocated but not properly deallocated before function return. The vulnerability occurs in the coresight_get_platform_data function when processing ACPI device tree data structures, specifically in the acpi_get_dsd_graph() call sequence. The buffer allocation happens through standard kernel memory allocation paths including __kmem_cache_alloc_node and __kmalloc functions, but the cleanup operation is deferred until after the buffer is used, creating a window where the memory remains allocated even though it's no longer needed. This pattern violates standard memory management practices and creates a resource leak that can accumulate over time, particularly in systems with frequent device enumeration or coresight initialization operations. The issue is classified under CWE-401: Improper Release of Memory Before Removing Last Reference, which directly addresses memory management flaws in kernel subsystems.

The operational impact of this vulnerability extends beyond simple memory consumption as it can lead to progressive system degradation and potential stability issues in embedded systems or servers running extensive coresight monitoring configurations. The memory leak affects the coresight subsystem responsible for tracing and debugging capabilities in ARM-based systems, which are commonly used in mobile devices, embedded platforms, and server environments where performance monitoring is critical. Systems running with frequent device hot-plugging or coresight initialization events will experience increasing memory pressure, potentially leading to memory exhaustion under sustained load conditions. The vulnerability is particularly relevant in environments where systemd-udevd processes are actively managing device events, as indicated by the specific process name in the kmemleak output, suggesting that device management activities can trigger this memory leak pattern repeatedly.

The recommended mitigation strategy involves modifying the coresight subsystem code to ensure proper buffer cleanup before function return, specifically by moving temporary buffer variables into the acpi_coresight_parse_graph() function scope and explicitly freeing them before the function exits. This approach aligns with the ATT&CK framework's defense evasion techniques by ensuring proper resource management and preventing information disclosure through memory leaks. The fix should implement a structured approach to memory allocation and deallocation that follows kernel memory management best practices, ensuring that all allocated buffers are properly released regardless of execution path. Additionally, system administrators should monitor for memory leaks in systems with active coresight monitoring and consider kernel updates that include this specific fix. The mitigation should also include implementing memory leak detection in production environments to identify similar issues in other kernel subsystems that may be subject to similar memory management patterns.
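
The ownership change described above, modelled in user-space C as an added example (this is not the kernel patch and not code from this page). `struct buffer`, `get_graph()`, `parse_graph_leaky()`, `parse_graph_fixed()` and the `live` tracker are hypothetical stand-ins for `struct acpi_buffer`, `acpi_get_dsd_graph()`, `acpi_coresight_parse_graph()` and a leak detector.

```c
/* Added user-space model of the leak and its fix; all names are hypothetical. */
#include <stdlib.h>
#include <string.h>

struct buffer { size_t length; void *pointer; };  /* models struct acpi_buffer */
static void *live[8]; static int n_live;          /* toy tracker of live allocations */
static void *t_alloc(size_t n)
{
    void *p = n_live < 8 ? malloc(n) : NULL;
    return p ? (live[n_live++] = p) : NULL;
}
static void t_free(void *p)
{
    for (int i = 0; i < n_live; i++)
        if (live[i] == p) live[i] = live[--n_live];
    free(p);
}
/* Fills *buf and returns a graph that aliases buf->pointer. */
static const int *get_graph(struct buffer *buf)
{
    static const int sample[] = { 4, 2, 3, 16 };  /* constructed sample data */
    if (!(buf->pointer = t_alloc(sizeof(sample))))
        return NULL;
    buf->length = sizeof(sample);
    return memcpy(buf->pointer, sample, sizeof(sample));
}
/* Before: buf is a temporary in the helper, so its handle is lost on return. */
static const int *get_graph_leaky(void)
{
    struct buffer buf = { 0, NULL };
    return get_graph(&buf);
}
static int parse_graph_leaky(void)
{
    const int *graph = get_graph_leaky();
    return graph ? graph[0] : -1;                 /* nothing left to free */
}
/* After: the caller owns buf, reads the graph, then frees before returning. */
static int parse_graph_fixed(void)
{
    struct buffer buf = { 0, NULL };
    const int *graph = get_graph(&buf);
    int first = graph ? graph[0] : -1;
    t_free(buf.pointer);
    return first;
}
int main(void)
{
    return parse_graph_leaky() == 4 && parse_graph_fixed() == 4 && n_live == 1 ? 0 : 1;
}
```

Each call to `parse_graph_leaky()` raises `n_live` by one, while `parse_graph_fixed()` leaves it unchanged.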

Responsible: Linux

Reservation: 09/15/2025

Disclosure: 09/15/2025

Moderation: accepted

CPE: ready

EPSS: 0.00119

KEV: no

Activities: very low
