CVE-2023-52989: 
Linux Kernel vulnerability analysis and mitigation

CVE-2023-52989 is a memory leak vulnerability discovered in the Linux kernel's FireWire subsystem, specifically affecting the handling of payload requests to the IEC 61883-1 FCP region. The vulnerability affects Linux kernel version 2.6.33 and later (NVD). The issue was publicly disclosed on March 27, 2025.

The vulnerability stems from a memory leak in the FireWire subsystem's handling of request subactions to the IEC 61883-1 FCP region. The issue occurs when multiple user space listeners access the region, where the payload data object is duplicated in kernel space for each listener. When a listener executes ioctl(2) with FWCDEVIOCSENDRESPONSE request, the object should be released, but due to an implementation flaw in releaseclientresource(), the release_request() function in drivers/firewire/core-cdev.c is never called, resulting in a memory leak (NVD).

The vulnerability leads to memory leaks in the Linux kernel when processing FireWire requests, which could potentially result in system resource exhaustion over time. This could affect system stability and performance on affected systems (NVD).

The issue has been resolved through a patch that fixes the memory leak by ensuring proper object release when processing FireWire requests. System administrators should apply the latest kernel updates that include this fix (NVD).