CVE-2023-53173: 
Linux Kernel vulnerability analysis and mitigation

A memory leak vulnerability was identified in the Linux kernel's tty pcn_uart driver (CVE-2023-53173). The issue was discovered and disclosed on September 15, 2025, affecting the debugfs_lookup() function implementation. When this function is called, it requires a dput() call on the result to prevent memory leakage over time (NVD).

The vulnerability occurs in the tty pcn_uart driver of the Linux kernel when using debugfs_lookup(). The technical issue stems from not properly calling dput() on the result of debugfs_lookup(), which causes memory to leak gradually over time. The fix involves replacing the problematic implementation with debugfs_lookup_and_remove() which handles all the required logic in a single call (NVD). The vulnerability has been assessed with a CVSS score of 7.0, indicating a local attack vector with high complexity (Oracle Linux).

The vulnerability results in a memory leak condition that can degrade system performance over time as memory resources are not properly freed. This affects various Linux distributions including Ubuntu 22.04 LTS and Oracle Linux (Ubuntu Security, Oracle Linux).

The vulnerability has been fixed in multiple Linux distributions. Ubuntu has released patches for version 22.04 LTS (jammy) in linux-image 5.15.0-79.86. Oracle Linux has also provided fixes for their Unbreakable Enterprise kernel versions 8 and 9 (Ubuntu Security, Oracle Linux).