CVE-2023-53808

Vulnerability

The mwifiex_histogram_read() function in the Linux kernel's Marvell wifi driver had a memory leak on its return path [1][2][3][4]. When a zeroed page was allocated for histogram data but the function returned early (for example due to an error or EOF), the allocated page was not freed, causing the kernel to leak memory over repeated reads [1][2][3][4].

Exploitation

This vulnerability is exploitable by a local attacker who has access to the affected device's debugfs or procfs interfaces that invoke mwifiex_histogram_read(). No special privileges beyond the ability to read the histogram file are required [1][2][3][4]. By repeatedly reading this file, the attacker can trigger the memory leak, gradually consuming kernel memory [1][2][3][4].

Impact

Over time, the memory leak can deplete available kernel memory, potentially causing denial-of-service conditions such as system slowdowns, instability, or crashes [1][2][3][4]. The leak does not directly allow arbitrary code execution or privilege escalation, but it can degrade system performance and availability [1][2][3][4].

Mitigation

The fix was applied to multiple stable kernel branches [1][2][3][4] and ensures that the allocated page is freed on all return paths from mwifiex_histogram_read() [1][2][3][4]. Users should update their kernel to the latest stable version that includes the corresponding commit.