{"id":"CVE-2023-53693","summary":"USB: gadget: Fix the memory leak in raw_gadget driver","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: Fix the memory leak in raw_gadget driver\n\nCurrently, increasing raw_dev-\u003ecount happens before invoke the\nraw_queue_event(), if the raw_queue_event() return error, invoke\nraw_release() will not trigger the dev_free() to be called.\n\n[  268.905865][ T5067] raw-gadget.0 gadget.0: failed to queue event\n[  268.912053][ T5067] udc dummy_udc.0: failed to start USB Raw Gadget: -12\n[  268.918885][ T5067] raw-gadget.0: probe of gadget.0 failed with error -12\n[  268.925956][ T5067] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy\n[  268.934657][ T5067] misc raw-gadget: fail, usb_gadget_register_driver returned -16\n\nBUG: memory leak\n\n[\u003cffffffff8154bf94\u003e] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076\n[\u003cffffffff8347eb55\u003e] kmalloc include/linux/slab.h:582 [inline]\n[\u003cffffffff8347eb55\u003e] kzalloc include/linux/slab.h:703 [inline]\n[\u003cffffffff8347eb55\u003e] dev_new drivers/usb/gadget/legacy/raw_gadget.c:191 [inline]\n[\u003cffffffff8347eb55\u003e] raw_open+0x45/0x110 drivers/usb/gadget/legacy/raw_gadget.c:385\n[\u003cffffffff827d1d09\u003e] misc_open+0x1a9/0x1f0 drivers/char/misc.c:165\n\n[\u003cffffffff8154bf94\u003e] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076\n[\u003cffffffff8347cd2f\u003e] kmalloc include/linux/slab.h:582 [inline]\n[\u003cffffffff8347cd2f\u003e] raw_ioctl_init+0xdf/0x410 drivers/usb/gadget/legacy/raw_gadget.c:460\n[\u003cffffffff8347dfe9\u003e] raw_ioctl+0x5f9/0x1120 drivers/usb/gadget/legacy/raw_gadget.c:1250\n[\u003cffffffff81685173\u003e] vfs_ioctl fs/ioctl.c:51 [inline]\n\n[\u003cffffffff8154bf94\u003e] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076\n[\u003cffffffff833ecc6a\u003e] kmalloc include/linux/slab.h:582 [inline]\n[\u003cffffffff833ecc6a\u003e] kzalloc include/linux/slab.h:703 [inline]\n[\u003cffffffff833ecc6a\u003e] dummy_alloc_request+0x5a/0xe0 drivers/usb/gadget/udc/dummy_hcd.c:665\n[\u003cffffffff833e9132\u003e] usb_ep_alloc_request+0x22/0xd0 drivers/usb/gadget/udc/core.c:196\n[\u003cffffffff8347f13d\u003e] gadget_bind+0x6d/0x370 drivers/usb/gadget/legacy/raw_gadget.c:292\n\nThis commit therefore invoke kref_get() under the condition that\nraw_queue_event() return success.","modified":"2026-04-02T09:44:51.276426Z","published":"2025-10-22T13:23:35.280Z","related":["SUSE-SU-2025:21040-1","SUSE-SU-2025:21052-1","SUSE-SU-2025:21056-1","SUSE-SU-2025:21064-1","SUSE-SU-2025:4057-1","SUSE-SU-2025:4111-1","SUSE-SU-2025:4128-1","SUSE-SU-2025:4132-1","SUSE-SU-2025:4139-1","SUSE-SU-2025:4140-1","SUSE-SU-2025:4141-1","SUSE-SU-2025:4149-1","SUSE-SU-2025:4301-1","SUSE-SU-2025:4320-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53693.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0f7a2b567197798da7bfa2252f4485c0ca6c6266"},{"type":"WEB","url":"https://git.kernel.org/stable/c/68e6287ac61dc22513cd39f02b9ac1fef28513e4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/83e30f2bf86ef7c38fbd476ed81a88522b620628"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9934e5d07c0dc294169a7d52f6309f35cd6d7755"},{"type":"WEB","url":"https://git.kernel.org/stable/c/de77000c1923d7942f9b4f08447c8feeae1c0f33"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53693.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53693"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10"},{"fixed":"68e6287ac61dc22513cd39f02b9ac1fef28513e4"},{"fixed":"0f7a2b567197798da7bfa2252f4485c0ca6c6266"},{"fixed":"de77000c1923d7942f9b4f08447c8feeae1c0f33"},{"fixed":"9934e5d07c0dc294169a7d52f6309f35cd6d7755"},{"fixed":"83e30f2bf86ef7c38fbd476ed81a88522b620628"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53693.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.7.0"},{"fixed":"5.10.190"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.124"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.43"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.4.8"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53693.json"}}],"schema_version":"1.7.5"}