Login Sign Up

CVE-2023-53505

5.5 MEDIUM
Denial of Service

📋 TL;DR

This CVE describes a memory leak vulnerability in the Linux kernel's Tegra EMC clock driver. If triggered, it could lead to gradual memory exhaustion on affected systems. This primarily affects devices using NVIDIA Tegra processors with specific Linux kernel versions.

💻 Affected Systems

Products:
  • Linux kernel with Tegra EMC driver
Versions: Specific kernel versions containing the vulnerable code (check git commits for exact ranges)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with NVIDIA Tegra processors (particularly Tegra124) where the EMC clock driver is loaded.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sustained exploitation could cause kernel memory exhaustion leading to system instability, crashes, or denial of service conditions.

🟠

Likely Case

Intermittent memory leaks causing gradual performance degradation over time, potentially requiring system reboots.

🟢

If Mitigated

Minimal impact with proper monitoring and memory management controls in place.

🌐 Internet-Facing: LOW - Requires local access or kernel-level compromise to trigger.
🏢 Internal Only: MEDIUM - Could affect system stability on internal devices using affected Tegra hardware.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Requires kernel-level access or ability to trigger specific error conditions in the EMC driver.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing the git commits referenced in CVE

Vendor Advisory: https://git.kernel.org/stable/c/404e9f741acfb188212f7142d91e247630dd77cc

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version. 2. Reboot system. 3. Verify kernel version matches patched release.

🔧 Temporary Workarounds

Disable Tegra EMC driver

linux

Remove or blacklist the tegra124-emc driver if not required

echo 'blacklist tegra124-emc' >> /etc/modprobe.d/blacklist.conf
rmmod tegra124-emc

🧯 If You Can't Patch

  • Implement memory usage monitoring and alerting for kernel memory
  • Schedule regular system reboots to clear accumulated memory leaks

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if tegra124-emc module is loaded: lsmod | grep tegra124-emc

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated beyond vulnerable commits and check dmesg for memory leak warnings

📡 Detection & Monitoring

Log Indicators:

  • Kernel oom-killer messages
  • Increasing kernel memory usage in /proc/meminfo
  • dmesg warnings about memory allocation failures

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("out of memory" OR "oom-killer" OR "memory allocation failure")

📊 Metadata

CVE ID: CVE-2023-53505
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-401
EPSS Score: 0.02% exploit probability (5.5th percentile)
Published: October 1, 2025
Last Updated: January 23, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-53505, you might also want to check these:

CVE-2021-40633 8.8

CVE-2021-40633 is a memory leak vulnerability in gif2rgb, a utility in giflib 5.1.4, allowing remote...

Same vulnerability type (CWE-401)
CVE-2021-3492 8.8

CVE-2021-3492 is a kernel vulnerability in Ubuntu's Shiftfs filesystem where improper error handling...

Same vulnerability type (CWE-401)
CVE-2024-25450 8.8

CVE-2024-25450 is a memory allocation vulnerability in imlib2 v1.9.1's init_imlib_fonts() function t...

Same vulnerability type (CWE-401)