CVE-2023-53610: 
Linux Kernel vulnerability analysis and mitigation

CVE-2023-53610 is a vulnerability discovered in the Linux kernel related to a refcount leak in the platformirqchipprobe functionality. The issue was disclosed on October 4, 2025, affecting the irqchip subsystem. The vulnerability occurs because ofirqfind_parent() returns a node pointer with refcount incremented, but the code fails to properly release this reference count when it's no longer needed (NVD, Rapid7).

The vulnerability stems from a missing ofnodeput() call in the platformirqchipprobe function. When ofirqfind_parent() is called, it returns a node pointer with an incremented reference count, but the code path fails to properly decrement this count when the pointer is no longer needed. This results in a reference count leak in the kernel's memory management system. The vulnerability has been assigned a CVSS v3.1 score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) (RedHat).

The reference count leak can lead to memory management issues in the Linux kernel. While the vulnerability doesn't allow for direct code execution or information disclosure, it could potentially lead to system resource exhaustion over time, affecting system stability and availability (RedHat).

The vulnerability has been fixed by adding the missing ofnodeput() call to properly release the reference count when the node pointer is no longer needed. Red Hat Enterprise Linux 9 and kernel-rt have deferred the fix, while versions 6, 7, and 8 are not affected. Users are advised to update their systems once patches are available for their specific distribution (RedHat).