CVE-2023-53611: 
Linux Kernel vulnerability analysis and mitigation

A memory leak vulnerability was discovered in the Linux kernel's IPMI subsystem, specifically in the try_smi_init() function. The vulnerability was assigned CVE-2023-53611 and was disclosed on October 4, 2025. The issue affects the ipmi_si driver in the Linux kernel (NVD).

The vulnerability occurs when an error happens before handlers registration and after allocating new_smi->si_sm. In this scenario, the variable wouldn't be freed in the error handling path since shutdown_smi() hadn't been registered yet. The issue was detected by Kmemleak, which reported an unreferenced object of size 1024 bytes in the modprobe process. The vulnerability has been assigned a CVSS v3.1 score of 5.5 (Low) with vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (RedHat).

The vulnerability results in a memory leak in the Linux kernel's IPMI subsystem. While the immediate impact is resource consumption through memory leaks, the long-term effects could include system performance degradation if the leak occurs repeatedly (NVD).

The vulnerability has been fixed by adding a kfree() call in the error handling path in try_smi_init(). Red Hat has marked this fix as deferred for Red Hat Enterprise Linux 8 and 9, including their RT (Real-Time) kernel variants (RedHat).