CVE-2023-53371: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, a memory leak vulnerability was identified in the mlx5efsttredirectany_create function. The issue occurs when the memory pointed to by the fs->any pointer is not freed in the error path, which can lead to a memory leak. This vulnerability was assigned CVE-2023-53371 and was published to the CVE List on September 18, 2025 (NVD).

The vulnerability exists in the net/mlx5e subsystem of the Linux kernel. Specifically, the error handling path in mlx5efsttredirectanycreate function fails to properly free allocated memory, creating a discrepancy with the mlx5efsttredirectanydestroy() function's cleanup process. The issue was identified and fixed by implementing proper memory deallocation in the error path (Ubuntu).

The vulnerability results in a memory leak condition in the Linux kernel. While memory leaks don't typically pose immediate security risks, they can lead to system resource exhaustion over time, potentially affecting system stability and performance (NVD).

The vulnerability has been addressed through a patch that ensures proper memory deallocation in the error path of mlx5efsttredirectanycreate, making it consistent with the cleanup process in mlx5efsttredirectanydestroy(). The fix has been incorporated into various Linux distributions including Ubuntu and Red Hat Enterprise Linux (Red Hat).