CVE-2023-53697: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, a memory leak vulnerability was discovered in the NVDIMM (Non-Volatile Dual In-line Memory Module) subsystem. The issue occurs specifically in the unregister_nvdimm_pmu() function, where memory pointed to by 'nd_pmu->pmu.attr_groups' is allocated in the register_nvdimm_pmu function but is lost after the 'kfree(nd_pmu)' call in the unregister_nvdimm_pmu function (NVD).

The vulnerability is identified as CVE-2023-53697 and has been assigned a CVSS v3.1 base score of 4.7, indicating moderate severity. The vulnerability type is classified as CWE-772 (Memory Leak). The technical nature of the issue involves a memory leak in the NVDIMM Performance Monitoring Unit (PMU) registration and unregistration process, where allocated memory for attribute groups is not properly freed (RedHat).

The impact of this vulnerability is primarily related to resource consumption, as the memory leak could lead to gradual system memory depletion over time. While the severity is rated as moderate, the vulnerability affects the kernel's memory management functionality specifically in the NVDIMM subsystem (RedHat).

The vulnerability has been fixed in the Linux kernel through a patch that properly handles the memory deallocation in the unregister_nvdimm_pmu() function. Red Hat has released updates for affected versions, including kernel version 5.14.0-503.11.1.el9_5 for Red Hat Enterprise Linux 9 (RedHat).