2396426 – (CVE-2023-53396) CVE-2023-53396 kernel: ubifs: Fix memory leak in do_rename

Bug 2396426 (CVE-2023-53396) - CVE-2023-53396 kernel: ubifs: Fix memory leak in do_rename

Summary: CVE-2023-53396 kernel: ubifs: Fix memory leak in do_rename

Keywords:
Status:	NEW
Alias:	CVE-2023-53396
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-09-18 14:04 UTC by OSIDB Bzimport
Modified:	2025-09-18 17:23 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-09-18 14:04:22 UTC

In the Linux kernel, the following vulnerability has been resolved:

ubifs: Fix memory leak in do_rename

If renaming a file in an encrypted directory, function
fscrypt_setup_filename allocates memory for a file name. This name is
never used, and before returning to the caller the memory for it is not
freed.

When running kmemleak on it we see that it is registered as a leak. The
report below is triggered by a simple program 'rename' that renames a
file in an encrypted directory:

  unreferenced object 0xffff888101502840 (size 32):
    comm "rename", pid 9404, jiffies 4302582475 (age 435.735s)
    backtrace:
      __kmem_cache_alloc_node
      __kmalloc
      fscrypt_setup_filename
      do_rename
      ubifs_rename
      vfs_rename
      do_renameat2

To fix this we can remove the call to fscrypt_setup_filename as it's not
needed.

Comment 1 Keith Grant 2025-09-18 17:21:15 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025091859-CVE-2023-53396-27d9@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.