CVE-2023-53423: 
Linux Kernel vulnerability analysis and mitigation

A memory leak vulnerability was identified in the Linux kernel's objtool component, specifically in the create_static_call_sections() function. The issue occurs when strdup() allocates memory for key_name but fails to release it in certain error paths. This vulnerability was disclosed with identifier CVE-2023-53423 and has been assigned a medium priority (Ubuntu Security).

The vulnerability stems from improper memory management in the Linux kernel's objtool functionality. Specifically, the create_static_call_sections() function uses strdup() to allocate memory for key_name, but fails to properly free this memory in error handling paths, resulting in a memory leak. The issue has been fixed by adding appropriate free() calls to release the allocated memory in the error paths (Debian Security).

The memory leak could lead to gradual system resource consumption over time, potentially affecting system performance and stability if the vulnerable code path is repeatedly triggered (Ubuntu Security).

The vulnerability has been fixed in various Linux distributions through kernel updates. Ubuntu has released fixes in multiple kernel versions, including linux-azure (5.15.0-1045.52), linux-kvm (5.15.0-1039.44), and linux-gke (5.15.0-1039.44). Debian has also addressed this in versions 5.10.223-1 for bullseye and 6.1.148-1 for bookworm (Ubuntu Security, Debian Security).