CVE-2023-53674

low-risk

Published 2025-10-07

In the Linux kernel, the following vulnerability has been resolved: clk: Fix memory leak in devm_clk_notifier_register() devm_clk_notifier_register() allocates a devres resource for clk notifier but didn't register that to the device, so the notifier didn't get unregistered on device detach and the allocated resource was leaked. Fix the issue by registering the resource through devres_add(). This issue was found with kmemleak on a Chromebook.

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (5)

Patch https://git.kernel.org/stable/c/49451db71b746df990888068961f1033f7c9b734

Patch https://git.kernel.org/stable/c/7fb933e56f77a57ef7cfc59fc34cbbf1b1fa31ff

Patch https://git.kernel.org/stable/c/a326cf0107b197e649bbaa2a2b1355894826ce32

Patch https://git.kernel.org/stable/c/cb1b04fd4283fc8f9acefe0ddc61ba072ed44877

Patch https://git.kernel.org/stable/c/efbbda79b2881a04dcd0e8f28634933d79e17e49

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal