CVE-2023-53719 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

serial: arc_uart: fix of_iomap leak in `arc_serial_probe`

Smatch reports:

drivers/tty/serial/arc_uart.c:631 arc_serial_probe() warn:
'port->membase' from of_iomap() not released on lines: 631.

In arc_serial_probe(), if uart_add_one_port() fails,
port->membase is not released, which would cause a resource leak.

To fix this, I replace of_iomap with devm_platform_ioremap_resource.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00047.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`8dbe1d5e09a7faec8d22cadcc1011acab8fa6e2a`	affected	< 3f00df24a5021a6f02c1830a290acd4bceb22a2d
`8dbe1d5e09a7faec8d22cadcc1011acab8fa6e2a`	affected	< 7525aa211758cc023a371e010d16ceaae1057807
`8dbe1d5e09a7faec8d22cadcc1011acab8fa6e2a`	affected	< 153017561d2804cfae87cc9aa377aa84dd906ae1
`8dbe1d5e09a7faec8d22cadcc1011acab8fa6e2a`	affected	< f76a18e53a66c0ef2938276110717b3805720cd9
`8dbe1d5e09a7faec8d22cadcc1011acab8fa6e2a`	affected	< 081790eee6b47389a0d895262086d64c6a38d6e5
`8dbe1d5e09a7faec8d22cadcc1011acab8fa6e2a`	affected	< 40a462313ba4f337a2b419e7fb4a670f3dd95e14
`8dbe1d5e09a7faec8d22cadcc1011acab8fa6e2a`	affected	< 8ab5fc55d7f65d58a3c3aeadf11bdf60267cd2bd

Linux

affected

Version	Status	Constraints
`3.17`	affected	—
`0`	unaffected	< 3.17
`4.19.284`	unaffected	≤ 4.19.*
`5.4.244`	unaffected	≤ 5.4.*
`5.10.181`	unaffected	≤ 5.10.*
`5.15.113`	unaffected	≤ 5.15.*
`6.1.30`	unaffected	≤ 6.1.*
`6.3.4`	unaffected	≤ 6.3.*
`6.4`	unaffected	≤ *

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Project Subscriptions

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/081790eee6b47389a0d895262086d64c6a38d6e5
https://git.kernel.org/stable/c/153017561d2804cfae87cc9aa377aa84dd906ae1
https://git.kernel.org/stable/c/3f00df24a5021a6f02c1830a290acd4bceb22a2d
https://git.kernel.org/stable/c/40a462313ba4f337a2b419e7fb4a670f3dd95e14
https://git.kernel.org/stable/c/7525aa211758cc023a371e010d16ceaae1057807
https://git.kernel.org/stable/c/8ab5fc55d7f65d58a3c3aeadf11bdf60267cd2bd
https://git.kernel.org/stable/c/f76a18e53a66c0ef2938276110717b3805720cd9
https://lore.kernel.org/linux-cve-announce/2025102214-CVE-2023-53719-ad4c@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2023-53719
https://www.cve.org/CVERecord?id=CVE-2023-53719

History

Thu, 23 Oct 2025 10:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Vendors & Products		Linux Linux linux Kernel

Thu, 23 Oct 2025 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025102214-CVE-2023-53719-ad4c@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2023-53719 https://www.cve.org/CVERecord?id=CVE-2023-53719
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Wed, 22 Oct 2025 13:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: serial: arc_uart: fix of_iomap leak in `arc_serial_probe` Smatch reports: drivers/tty/serial/arc_uart.c:631 arc_serial_probe() warn: 'port->membase' from of_iomap() not released on lines: 631. In arc_serial_probe(), if uart_add_one_port() fails, port->membase is not released, which would cause a resource leak. To fix this, I replace of_iomap with devm_platform_ioremap_resource.
Title		serial: arc_uart: fix of_iomap leak in `arc_serial_probe`
References		https://git.kernel.org/stable/c/081790eee6b47389a0d895262086d64c6a38d6e5 https://git.kernel.org/stable/c/153017561d2804cfae87cc9aa377aa84dd906ae1 https://git.kernel.org/stable/c/3f00df24a5021a6f02c1830a290acd4bceb22a2d https://git.kernel.org/stable/c/40a462313ba4f337a2b419e7fb4a670f3dd95e14 https://git.kernel.org/stable/c/7525aa211758cc023a371e010d16ceaae1057807 https://git.kernel.org/stable/c/8ab5fc55d7f65d58a3c3aeadf11bdf60267cd2bd https://git.kernel.org/stable/c/f76a18e53a66c0ef2938276110717b3805720cd9

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-10-22T13:23:51.441Z

Updated: 2025-10-22T13:23:51.441Z

Reserved: 2025-10-22T13:21:37.347Z

Link: CVE-2023-53719

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-10-22T14:15:46.590

Modified: 2025-10-22T21:12:48.953

Link: CVE-2023-53719

Redhat

Severity : Low

Publid Date: 2025-10-22T00:00:00Z

Links: CVE-2023-53719 - Bugzilla

OpenCVE Enrichment

Updated: 2025-10-23T10:04:58Z

Weaknesses

No weakness.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object