CVE-2023-53261

5.5 MEDIUM

📋 TL;DR

A memory leak in the Linux kernel's CoreSight subsystem: ACPI buffer memory is not freed after use. This affects Linux systems using CoreSight hardware tracing with ACPI firmware tables. The vulnerability allows gradual memory exhaustion over time.

💻 Affected Systems

Products:
  • Linux kernel with CoreSight subsystem enabled
Versions: Linux kernel versions before the fix commits
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if CoreSight subsystem is enabled and ACPI firmware tables are used

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

System memory exhaustion leading to denial of service, system instability, or crashes requiring reboot

🟠

Likely Case

Gradual memory consumption over time, potentially affecting system performance and stability

🟢

If Mitigated

Minimal impact with proper monitoring and memory limits in place

🌐 Internet-Facing: LOW - Requires local access or kernel module loading
🏢 Internal Only: MEDIUM - Could be exploited by local users or through other kernel vulnerabilities

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires ability to trigger CoreSight ACPI operations, typically through local access or kernel module loading

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits 1a9e02673e2550f5612099e64e8761f0c8fc0f50 or d1b60e7c9fee34eaedf1fc4e0471f75b33f83a4a

Vendor Advisory: https://git.kernel.org/stable/c/1a9e02673e2550f5612099e64e8761f0c8fc0f50

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. Reboot system to load new kernel.
3. Verify CoreSight functionality if used.

🔧 Temporary Workarounds

Disable CoreSight subsystem

all

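Prevent exploitation by disabling the vulnerable subsystem. The blacklist entry only has an effect when CoreSight is built as loadable modules, not when it is compiled into the kernel, and update-initramfs is the Debian/Ubuntu tool for rebuilding the initramfs.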

echo 'blacklist coresight' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u
reboot

🧯 If You Can't Patch

  • Implement memory monitoring and alerting for unusual consumption patterns
  • Restrict local user access and kernel module loading capabilities
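
One way to implement the memory-monitoring bullet above, as an added example that is not part of the original advisory or of the kernel project. It assumes the leaked ACPI buffers are ordinary kernel allocations that surface as growth of SUnreclaim in /proc/meminfo; the function names and the threshold are hypothetical, and the sample series is constructed.

```shell
#!/bin/sh
# Added example: flag steady growth of unreclaimable kernel slab memory.
# Assumption: a kernel-side leak like this one shows up as SUnreclaim growth.

# Print the SUnreclaim value in kB from a meminfo-format file
# (default: /proc/meminfo). Fails if the field is missing.
sunreclaim_kb() {
    awk '$1 == "SUnreclaim:" { print $2; found = 1 } END { exit !found }' \
        "${1:-/proc/meminfo}"
}

# Read one kB sample per line on stdin and classify the series.
# Prints "LEAK_SUSPECTED <growth>" when the series never decreases and the
# total growth reaches the threshold ($1, in kB), otherwise "OK <growth>".
slab_trend() {
    awk -v limit="$1" '
        NR == 1 { first = $1 + 0; prev = first; next }
        ($1 + 0) < prev { dropped = 1 }   # any decrease means memory was released
        { prev = $1 + 0 }
        END {
            if (NR < 2) { print "INSUFFICIENT_DATA 0"; exit }
            growth = prev - first
            if (!dropped && growth >= limit) print "LEAK_SUSPECTED " growth
            else print "OK " growth
        }'
}

# Sample the live host: $1 samples, $2 seconds apart, threshold $3 kB.
monitor_slab() {
    count=$1; interval=$2; limit=$3; i=0
    while [ "$i" -lt "$count" ]; do
        sunreclaim_kb || break
        i=$((i + 1))
        if [ "$i" -lt "$count" ]; then sleep "$interval"; fi
    done | slab_trend "$limit"
}

# Constructed samples (kB), one per collection interval; not from a real host.
constructed_leaky_series() {
    printf '%s\n' 81200 81944 82710 83502 84290
}
```

On a live system, `monitor_slab 12 300 2048` would take twelve samples five minutes apart; a LEAK_SUSPECTED result is a prompt to inspect /proc/slabinfo, not proof of this particular leak.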

🔍 How to Verify

Check if Vulnerable:

Check if CoreSight modules are loaded: lsmod | grep coresight

Check Version:

uname -r

Verify Fix Applied:

Check that the running kernel contains the fix commits: run uname -r and compare the result against the patched versions

📡 Detection & Monitoring

Log Indicators:

  • Kernel OOM (Out of Memory) messages
  • System memory exhaustion warnings
  • CoreSight subsystem errors

Network Indicators:

  • None - local vulnerability only

SIEM Query:

search 'kernel: Out of memory' OR 'kernel: oom-killer' OR 'systemd-udevd memory leak'
