VYPR
Unrated severity · NVD Advisory · Published Oct 22, 2025 · Updated Apr 15, 2026

CVE-2023-53693

Description

In the Linux kernel, the following vulnerability has been resolved:

USB: gadget: Fix the memory leak in raw_gadget driver

Currently, increasing raw_dev->count happens before invoking raw_queue_event(); if raw_queue_event() returns an error, invoking raw_release() will not trigger dev_free() to be called.

[ 268.905865][ T5067] raw-gadget.0 gadget.0: failed to queue event
[ 268.912053][ T5067] udc dummy_udc.0: failed to start USB Raw Gadget: -12
[ 268.918885][ T5067] raw-gadget.0: probe of gadget.0 failed with error -12
[ 268.925956][ T5067] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 268.934657][ T5067] misc raw-gadget: fail, usb_gadget_register_driver returned -16

BUG: memory leak

[] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076
[] kmalloc include/linux/slab.h:582 [inline]
[] kzalloc include/linux/slab.h:703 [inline]
[] dev_new drivers/usb/gadget/legacy/raw_gadget.c:191 [inline]
[] raw_open+0x45/0x110 drivers/usb/gadget/legacy/raw_gadget.c:385
[] misc_open+0x1a9/0x1f0 drivers/char/misc.c:165

[] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076
[] kmalloc include/linux/slab.h:582 [inline]
[] raw_ioctl_init+0xdf/0x410 drivers/usb/gadget/legacy/raw_gadget.c:460
[] raw_ioctl+0x5f9/0x1120 drivers/usb/gadget/legacy/raw_gadget.c:1250
[] vfs_ioctl fs/ioctl.c:51 [inline]

[] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076
[] kmalloc include/linux/slab.h:582 [inline]
[] kzalloc include/linux/slab.h:703 [inline]
[] dummy_alloc_request+0x5a/0xe0 drivers/usb/gadget/udc/dummy_hcd.c:665
[] usb_ep_alloc_request+0x22/0xd0 drivers/usb/gadget/udc/core.c:196
[] gadget_bind+0x6d/0x370 drivers/usb/gadget/legacy/raw_gadget.c:292

This commit therefore invokes kref_get() under the condition that raw_queue_event() returns success.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory leak in the Linux kernel's raw_gadget driver occurs when raw_queue_event() fails after raw_dev->count is incremented, preventing dev_free() from being called.

Vulnerability Overview

CVE-2023-53693 describes a memory leak in the Linux kernel's USB raw_gadget driver. The root cause is an ordering issue in the driver's initialization logic: the reference count raw_dev->count is incremented before calling raw_queue_event(). If raw_queue_event() fails (e.g., due to an out-of-memory condition), the subsequent call to raw_release() does not free the device because the reference count is already elevated, preventing dev_free() from being invoked [1][2][3].

Exploitation Conditions

An attacker with local access to the system can trigger this vulnerability by opening the raw-gadget device and initiating operations that cause raw_queue_event() to fail. The kernel log shows errors such as "failed to queue event" and "failed to start USB Raw Gadget: -12" (ENOMEM) [1][2][3]. No special privileges are required beyond the ability to interact with the raw-gadget character device, which is typically accessible to users with appropriate permissions.

Impact

Repeated exploitation leads to kernel memory exhaustion, as each failed attempt leaks the allocated device structure (dev_new), request objects (dummy_alloc_request), and other associated memory. This can result in a denial-of-service (DoS) condition, potentially causing system instability or crashes [1][2][3].

Mitigation

The fix, applied in multiple stable kernel branches, moves the kref_get() call to occur only after raw_queue_event() succeeds, ensuring that the reference count is not incremented prematurely. Users should update to a patched kernel version containing commits 0f7a2b567197, 9934e5d07c0d, or de77000c1923 [1][2][3].

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
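
The reference-count ordering described above, modelled in userspace C as an added example (not the kernel driver's code): the function names mirror those in the advisory, while the bodies, the `bind_before`/`bind_after`/`device_freed` helpers and the unbind-time `kref_put` are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
/* Userspace model: names mirror the advisory, bodies are constructed for illustration. */
struct raw_dev { int count; int *freed; };

static void dev_free(struct raw_dev *dev) { *dev->freed = 1; free(dev); }
static void kref_get(struct raw_dev *dev) { dev->count++; }
static void kref_put(struct raw_dev *dev) { if (--dev->count == 0) dev_free(dev); }
/* Stand-in for raw_queue_event(): fails with -12 (ENOMEM) on request. */
static int raw_queue_event(int fail) { return fail ? -12 : 0; }

/* Pre-fix ordering: the reference is taken before the event is queued. */
static int bind_before(struct raw_dev *dev, int fail)
{
    kref_get(dev);
    return raw_queue_event(fail);   /* on error the extra reference is never dropped */
}

/* Post-fix ordering: the reference is taken only after the event was queued. */
static int bind_after(struct raw_dev *dev, int fail)
{
    int ret = raw_queue_event(fail);
    if (ret < 0)
        return ret;
    kref_get(dev);
    return 0;
}

/* Returns 1 if dev_free() ran by the time the file is released, 0 if the device leaked. */
int device_freed(int fixed, int queue_fails)
{
    int freed = 0;
    struct raw_dev *dev = calloc(1, sizeof(*dev));
    if (!dev) return -1;
    dev->count = 1;                 /* reference held by the open file */
    dev->freed = &freed;
    int ret = fixed ? bind_after(dev, queue_fails) : bind_before(dev, queue_fails);
    if (ret == 0)
        kref_put(dev);              /* assumption: unbind drops the bind-time reference */
    kref_put(dev);                  /* raw_release(): drop the open-file reference */
    if (!freed) free(dev);          /* model cleanup only; the kernel has no such fallback */
    return freed;
}

int main(void)
{
    printf("pre-fix,  queue fails: freed=%d\n", device_freed(0, 1));
    printf("post-fix, queue fails: freed=%d\n", device_freed(1, 1));
    return 0;
}
```

On the success path both orderings release the device, so the change only affects the error path.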
