CVE-2023-53054
📋 TL;DR
This CVE describes a resource leak in the Linux kernel's DWC2 USB controller driver (drivers/usb/dwc2). On every system suspend/resume cycle the driver's resume path re-enables the controller's low-level hardware and, while doing so, registers a fresh devres cleanup action with devm_add_action_or_reset() instead of registering it once at probe. The device's devres list therefore grows by one node per cycle, the stale actions only run at driver removal, and the cleanup accounting (including the regulator use count) becomes unbalanced. It affects Linux systems whose USB controller is driven by dwc2, which is common on ARM SoCs (e.g. Raspberry Pi and STM32MP1 boards).
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Unbounded growth of the controller's devres list across suspend/resume cycles. Each leaked node is small, so kernel memory exhaustion (OOM) is only realistic on devices that cycle power states very frequently over long uptimes. More immediately, an inflated regulator use count means the regulator core will not switch the supply off when the driver releases it (it only does so when the count reaches zero), and driver unbind runs every accumulated cleanup action. The net effect is denial of service through resource starvation and degraded power management, not code execution.
Likely Case
Gradual growth of kernel memory use and performance degradation over time, most noticeable on embedded/IoT devices that suspend and resume often, eventually requiring a reboot.
If Mitigated
With the patch applied the cleanup action is registered once at probe, so repeated suspend/resume cycles no longer leak and there is no residual impact.
🎯 Exploit Status
Triggering the leak only requires putting the system through suspend/resume, which needs root (writing /sys/power/state) or a local session allowed to suspend through logind or a desktop policy; on devices that suspend automatically when idle it happens with no attacker involvement at all. The impact is limited to denial of service. No remote exploitation vector has been identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in the stable kernel branches, the mainline fix and its stable backports (commits: 1f01027c51eb, 6485fc381b65, cba76e1fb896, f747313249b7, ffb8ab6f87bd); check your distribution advisory for the package version that carries the backport for your branch
Vendor Advisory: https://git.kernel.org/stable/c/1f01027c51eb16145e8e07fafea3ca07ef102d06
Restart Required: Yes
Instructions:
1. Update to a patched kernel from your distribution vendor.
2. If you build your own kernel, cherry-pick the fix commit for your branch (see References) or move to a release that contains it.
3. Reboot into the updated kernel.
🔧 Temporary Workarounds
Avoid suspend/resume cycles of the controller
linux: The leaked devres action is registered from the dwc2 driver's system-sleep resume path, so USB device autosuspend settings do not prevent it. What removes the trigger is keeping the platform out of system suspend (for example by masking the sleep and suspend targets on a systemd-based system) until the kernel is patched. If you still want to disable USB device autosuspend for other reasons, note that usbcore's autosuspend parameter is a delay in seconds and -1 disables it (0 means suspend as soon as possible), and that a shell redirect cannot target a glob, so each device's power/control has to be written in a loop:
for f in /sys/bus/usb/devices/*/power/control; do echo on > "$f"; done
echo -1 > /sys/module/usbcore/parameters/autosuspend
Unload the dwc2 driver
linux: dwc2 drives the whole controller in both host and device (gadget) roles, so unloading it removes all USB on that controller; this is only an option when the port is unused. modprobe -r only works when dwc2 is built as a module (CONFIG_USB_DWC2=m); on many embedded kernels it is built in, in which case the device can be unbound from the driver through sysfs instead.
modprobe -r dwc2
echo 'blacklist dwc2' > /etc/modprobe.d/disable-dwc2.conf
🧯 If You Can't Patch
- Monitor kernel memory (/proc/meminfo, slab usage) together with the suspend counter in /sys/power/suspend_stats, and schedule a reboot before a device that cycles often degrades
- Avoid system suspend/resume on boards with a dwc2 controller; keeping the platform awake removes the trigger, whereas USB device autosuspend settings do not
🔍 How to Verify
Check if Vulnerable:
Confirm a dwc2 controller is bound and that the system actually suspends (lsmod misses a built-in driver, so check the driver's sysfs directory instead): ls /sys/bus/platform/drivers/dwc2/ 2>/dev/null && dmesg | grep -i 'dwc2\|PM: suspend'
Check Version:
uname -r
Verify Fix Applied:
The kernel version string does not carry CVE identifiers, so grepping /proc/version or /boot for the CVE proves nothing. Compare uname -r against the fixed package version in your distribution's advisory, or, for a self-built kernel, check that the fix commit for your branch (one of those listed under References) is an ancestor of what you built: git merge-base --is-ancestor 1f01027c51eb HEAD && echo fixed
📡 Detection & Monitoring
Log Indicators:
- Kernel OOM messages
- Increasing memory usage in /proc/meminfo
- devres_log trace events for the dwc2 device showing a new ADD of a devm_action_release node after every resume with no matching REM/REL (requires a kernel built with CONFIG_DEBUG_DEVRES, which compiles the tracepoint in)
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("Out of memory" OR "oom-kill" OR ("dwc2" AND ("suspend" OR "resume")))
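The following shell script is an added example written for this page, not code from the kernel tree or from the advisory. It turns the "Check if Vulnerable" step and the devres_log indicator above into repeatable checks: it lists dwc2 instances from sysfs (so a built-in driver is found where lsmod shows nothing), reads the suspend counter, and counts outstanding devm_action_release nodes for a device from devres_log trace text. It assumes the standard sysfs layout (/sys/bus/platform/drivers/dwc2 and /sys/power/suspend_stats/success), a kernel built with CONFIG_DEBUG_DEVRES so the devres_log tracepoint exists, and trace lines roughly like the constructed SAMPLE_TRACE below (the parser keys on the ADD/REM/REL token and the node name, not on column positions). The optional root argument, build_demo_tree and the verdict heuristic (outstanding == 1 + suspend cycles on an unpatched kernel) are this example's own assumptions, present so it can be exercised without hardware.

```shell
#!/bin/sh
# Added example for CVE-2023-53054 (not from the kernel tree or the advisory).
# Assumptions: standard sysfs layout; CONFIG_DEBUG_DEVRES=y for the devres_log
# tracepoint; SAMPLE_TRACE is constructed and only approximates real trace
# output, so devres_outstanding() keys on the ADD/REM/REL token and the node
# name, never on column positions.

# Platform devices bound to dwc2 under sysfs root $1 (default /sys). Works for
# a built-in driver too, where "lsmod | grep dwc2" prints nothing.
dwc2_instances() {
    drv="${1:-/sys}/bus/platform/drivers/dwc2"
    [ -d "$drv" ] || return 1
    for entry in "$drv"/*; do
        # Bound devices are symlinks that resolve to a device with a power/
        # directory; this skips bind, unbind, uevent and the module link.
        [ -L "$entry" ] && [ -f "$entry/power/control" ] || continue
        basename "$entry"
    done
}

# Successful system suspends since boot, read from sysfs root $1. On an
# unpatched kernel each resume that re-enabled the controller leaked one
# devres node. Prints 0 when the kernel does not expose suspend_stats.
suspend_cycles() {
    f="${1:-/sys}/power/suspend_stats/success"
    if [ -r "$f" ]; then cat "$f"; else echo 0; fi
}

# Outstanding devm_action_release nodes for device $1, from devres_log trace
# text on stdin: ADD entries minus REM/REL entries. A correct driver holds
# exactly one (registered once at probe); each extra one is a leaked cycle.
devres_outstanding() {
    awk -v dev="$1" '
        index($0, dev) && /devm_action_release/ {
            for (i = 1; i <= NF; i++) {
                if ($i == "ADD") add++
                else if ($i == "REM" || $i == "REL") rel++
            }
        }
        END { print (add + 0) - (rel + 0) }'
}

# Live variant: enable the tracepoint, suspend the machine once, then read
# the ring buffer. Must run as root; the events path is globbed because the
# trace subsystem name is not assumed here.
live_outstanding() {
    for e in /sys/kernel/debug/tracing/events/*/devres_log/enable; do
        [ -e "$e" ] && echo 1 > "$e"
    done
    echo mem > /sys/power/state
    devres_outstanding "$1" < /sys/kernel/debug/tracing/trace
}

# Constructed trace excerpt: one probe attempt that deferred (ADD then REL),
# the successful probe, two suspend/resume cycles, and an unrelated device.
SAMPLE_TRACE='# tracer: nop
 kworker/u4:3-45 [000] .... 10.100 devres_log: 49000000.usb-otg ADD 0xc1a2b3c4 devm_action_release (16 bytes)
 kworker/u4:3-45 [000] .... 10.101 devres_log: 49000000.usb-otg REL 0xc1a2b3c4 devm_action_release (16 bytes)
 kworker/u4:3-45 [000] .... 12.300 devres_log: 49000000.usb-otg ADD 0xc1a2b400 devm_action_release (16 bytes)
 kworker/u4:3-45 [000] .... 12.301 devres_log: 49000000.usb-otg ADD 0xc1a2b500 devm_clk_release (8 bytes)
 systemd-sleep-300 [000] .... 180.500 devres_log: 49000000.usb-otg ADD 0xc1a2b600 devm_action_release (16 bytes)
 systemd-sleep-300 [000] .... 240.700 devres_log: 49000000.usb-otg ADD 0xc1a2b700 devm_action_release (16 bytes)
 kworker/u4:3-45 [000] .... 12.400 devres_log: 5800d000.usb-otg ADD 0xc1a2b800 devm_action_release (16 bytes)'

# Constructed sysfs tree so the helpers can run on a machine without dwc2.
# Prints the root directory it created.
build_demo_tree() {
    root=$(mktemp -d)
    drv="$root/bus/platform/drivers/dwc2"
    dev="$root/devices/platform/49000000.usb-otg"
    mkdir -p "$drv" "$dev/power" "$root/power/suspend_stats"
    touch "$drv/bind" "$drv/unbind" "$drv/uevent"
    ln -s /nonexistent-module "$drv/module"
    echo auto > "$dev/power/control"
    ln -s "$dev" "$drv/49000000.usb-otg"
    echo 2 > "$root/power/suspend_stats/success"
    echo "$root"
}

# Verdict for device $1 given outstanding count $2 and suspend count $3
# (heuristic: unpatched kernels show 1 + cycles, patched ones stay at 1).
verdict() {
    if [ "$2" -gt 1 ] && [ "$2" -eq $(( $3 + 1 )) ]; then
        echo "$1: LEAKING ($2 actions after $3 suspend cycles)"
    elif [ "$2" -le 1 ]; then
        echo "$1: OK ($2 action outstanding)"
    else
        echo "$1: INCONCLUSIVE ($2 actions, $3 suspend cycles)"
    fi
}

# Offline demonstration against the constructed data (no root, no hardware).
demo() {
    root=$(build_demo_tree)
    for dev in $(dwc2_instances "$root"); do
        n=$(printf '%s\n' "$SAMPLE_TRACE" | devres_outstanding "$dev")
        verdict "$dev" "$n" "$(suspend_cycles "$root")"
    done
    rm -rf "$root"
}
```

Call demo to see the check run against the constructed tree (it reports 49000000.usb-otg as leaking: four ADDs minus one REL leaves three actions after two suspend cycles). On real hardware, run live_outstanding with the device name printed by dwc2_instances, as root, and only when you can afford the machine going to sleep for a moment; a count above one after at least one suspend cycle confirms the leak on an unpatched kernel.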
🔗 References
- https://git.kernel.org/stable/c/1f01027c51eb16145e8e07fafea3ca07ef102d06
- https://git.kernel.org/stable/c/6485fc381b6528b6f547ee1ff10bdbcbe31a6e4c
- https://git.kernel.org/stable/c/cba76e1fb896b573f09f51aa299223276a77bc90
- https://git.kernel.org/stable/c/f747313249b74f323ddf841a9c8db14d989f296a
- https://git.kernel.org/stable/c/ffb8ab6f87bd28d700ab5c20d9d3a7e75067630d