CVE-2023-53602 – This CVE describes a memory leak vulnerability ... (How to Fix)

Q: What is the severity of CVE-2023-53602?

CVE-2023-53602 has a CVSS score of 5.5 (MEDIUM). This CVE describes a memory leak vulnerability in the Linux kernel's ath11k WiFi driver. When unloading the driver module (rmmod), memory allocated for firmware statistics isn't properly freed, leading to gradual memory exhaustion. This affects Linux systems using Qualcomm Atheros ath11k WiFi hardware.

📋 TL;DR

This CVE describes a memory leak vulnerability in the Linux kernel's ath11k WiFi driver. When unloading the driver module (rmmod), memory allocated for firmware statistics isn't properly freed, leading to gradual memory exhaustion. This affects Linux systems using Qualcomm Atheros ath11k WiFi hardware.

💻 Affected Systems

Products:

Linux kernel with ath11k WiFi driver

Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)

Operating Systems: Linux distributions using vulnerable kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems with Qualcomm Atheros ath11k WiFi hardware (like QCN9074). Requires driver module to be loaded and unloaded.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sustained exploitation could lead to complete system memory exhaustion, causing kernel panics, system crashes, or denial of service requiring physical reboot.

🟠

Likely Case

Gradual memory consumption over time during driver reload cycles, potentially causing system instability or performance degradation.

🟢

If Mitigated

Minimal impact with proper monitoring and regular system maintenance; memory is reclaimed on system reboot.

🌐 Internet-Facing: LOW - Requires local access or driver module manipulation capabilities.

🏢 Internal Only: MEDIUM - Could be exploited by users with sufficient privileges to load/unload kernel modules.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: NO

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires kernel module manipulation privileges (typically root or CAP_SYS_MODULE). Not remotely exploitable.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits 55248d36beb79d3a61c9fb3122dc377fff523c89, 6aafa1c2d3e3fea2ebe84c018003f2a91722e607, or 86f9330a49d1464849482298dd34d361859183eb

Vendor Advisory: https://git.kernel.org/stable/c/55248d36beb79d3a61c9fb3122dc377fff523c89

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution. 2. Reboot system to load new kernel. 3. Verify ath11k driver loads correctly.

🔧 Temporary Workarounds

Avoid driver unloading

linux

Prevent unloading of ath11k kernel module to avoid triggering the memory leak

echo 'install ath11k /bin/false' >> /etc/modprobe.d/ath11k.conf

🧯 If You Can't Patch

Monitor system memory usage and restart if memory exhaustion is detected
Avoid unloading/reloading ath11k driver module unless absolutely necessary

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if ath11k module is loaded: uname -r && lsmod | grep ath11k

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits or is newer than vulnerable versions

📡 Detection & Monitoring

Log Indicators:

Kernel oom-killer messages
System memory exhaustion warnings
Driver module load/unload events

Network Indicators:

None - this is a local memory management issue

SIEM Query:

Search for: 'ath11k' AND ('rmmod' OR 'module unload') AND ('memory' OR 'oom')

📊 Metadata

CVE ID: CVE-2023-53602

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-401

EPSS Score: 0.02% exploit probability (5.4th percentile)

Published: October 4, 2025

Last Updated: February 6, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-53602, you might also want to check these: