VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 8, 2025· Updated Apr 15, 2026

CVE-2023-53767

CVE-2023-53767

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: fix memory leak in ath12k_qmi_driver_event_work()

Currently the buffer pointed by event is not freed in case ATH12K_FLAG_UNREGISTERING bit is set, this causes memory leak.

Add a goto skip instead of return, to ensure event and all the list entries are freed properly.

Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory leak in the Linux kernel's ath12k WiFi driver occurs when the ATH12K_FLAG_UNREGISTERING bit is set, preventing proper freeing of event buffers.

Vulnerability

In the Linux kernel's ath12k WiFi driver, a memory leak exists in the ath12k_qmi_driver_event_work() function. When the ATH12Kernel's ATH12K_FLAG_UNREGISTERING flag is set, the function returns early without freeing the event` buffer, leading to a memory leak [1].

Exploitation

This vulnerability is triggered during driver unregistration or removal, when the ATH12K_FLAG_UNREGISTERING bit is set. An attacker would need to be able to trigger driver unload or device removal, which typically requires local access or the system or the ability to hot-unplug the device. No special privileges are required beyond the ability to cause the driver to unregister.

Impact

An attacker who can repeatedly trigger the driver unregistration path can cause a memory leak, potentially leading to system memory exhaustion and denial of service. The leak is limited to the event buffer allocated in the QMI driver event workqueue.

Mitigation

The fix is to replace the early return with a goto skip that ensures the event buffer and all list entries are properly freed before returning. The patch has been applied to the Linux kernel stable tree [1]. Users should update to a kernel version containing the fix.

References
  1. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

2
a87f59041a7f
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
960412bee0ea
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

2

News mentions

0

No linked articles in our index yet.