VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-9943-gmpa-vqct

Essentials
Severities (12)
References (17)
Severity details (10)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-9943-gmpa-vqct
Aliases	CVE-2023-52653
Summary	In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix a memleak in gss_import_v2_context The ctx->mech_used.data allocated by kmemdup is not freed in neither gss_import_v2_context nor it only caller gss_krb5_import_sec_context, which frees ctx on error. Thus, this patch reform the last call of gss_import_v2_context to the gss_krb5_import_ctx_v2, preventing the memleak while keepping the return formation.
Status	Published
Exploitability	0.5
Weighted Severity	5.0
Risk	2.5
Affected and Fixed Packages	Package Details

Weaknesses (0)

There are no known CWE.

System	Score	Found at
cvssv3	5.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52653.json
epss	9e-05	https://api.first.org/data/v1/epss?cve=CVE-2023-52653
epss	9e-05	https://api.first.org/data/v1/epss?cve=CVE-2023-52653
cvssv3.1	3.3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	5.5	https://git.kernel.org/stable/c/47ac11db93e74ac49cd6c3fc69bcbc5964c4a8b4
ssvc	Track	https://git.kernel.org/stable/c/47ac11db93e74ac49cd6c3fc69bcbc5964c4a8b4
cvssv3.1	5.5	https://git.kernel.org/stable/c/99044c01ed5329e73651c054d8a4baacdbb1a27c
ssvc	Track	https://git.kernel.org/stable/c/99044c01ed5329e73651c054d8a4baacdbb1a27c
cvssv3.1	5.5	https://git.kernel.org/stable/c/d111e30d9cd846bb368faf3637dc0f71fcbcf822
ssvc	Track	https://git.kernel.org/stable/c/d111e30d9cd846bb368faf3637dc0f71fcbcf822
cvssv3.1	5.5	https://git.kernel.org/stable/c/e67b652d8e8591d3b1e569dbcdfcee15993e91fa
ssvc	Track	https://git.kernel.org/stable/c/e67b652d8e8591d3b1e569dbcdfcee15993e91fa

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52653.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-52653
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2278515		https://bugzilla.redhat.com/show_bug.cgi?id=2278515
47ac11db93e74ac49cd6c3fc69bcbc5964c4a8b4		https://git.kernel.org/stable/c/47ac11db93e74ac49cd6c3fc69bcbc5964c4a8b4
99044c01ed5329e73651c054d8a4baacdbb1a27c		https://git.kernel.org/stable/c/99044c01ed5329e73651c054d8a4baacdbb1a27c
d111e30d9cd846bb368faf3637dc0f71fcbcf822		https://git.kernel.org/stable/c/d111e30d9cd846bb368faf3637dc0f71fcbcf822
e67b652d8e8591d3b1e569dbcdfcee15993e91fa		https://git.kernel.org/stable/c/e67b652d8e8591d3b1e569dbcdfcee15993e91fa
RHSA-2024:5101		https://access.redhat.com/errata/RHSA-2024:5101
RHSA-2024:5102		https://access.redhat.com/errata/RHSA-2024:5102
RHSA-2025:3510		https://access.redhat.com/errata/RHSA-2025:3510
USN-6816-1		https://usn.ubuntu.com/6816-1/
USN-6817-1		https://usn.ubuntu.com/6817-1/
USN-6817-2		https://usn.ubuntu.com/6817-2/
USN-6817-3		https://usn.ubuntu.com/6817-3/
USN-6878-1		https://usn.ubuntu.com/6878-1/

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52653.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://git.kernel.org/stable/c/47ac11db93e74ac49cd6c3fc69bcbc5964c4a8b4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-06T18:26:34Z/ Found at https://git.kernel.org/stable/c/47ac11db93e74ac49cd6c3fc69bcbc5964c4a8b4

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://git.kernel.org/stable/c/99044c01ed5329e73651c054d8a4baacdbb1a27c

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-06T18:26:34Z/ Found at https://git.kernel.org/stable/c/99044c01ed5329e73651c054d8a4baacdbb1a27c

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://git.kernel.org/stable/c/d111e30d9cd846bb368faf3637dc0f71fcbcf822

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-06T18:26:34Z/ Found at https://git.kernel.org/stable/c/d111e30d9cd846bb368faf3637dc0f71fcbcf822

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://git.kernel.org/stable/c/e67b652d8e8591d3b1e569dbcdfcee15993e91fa

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-06T18:26:34Z/ Found at https://git.kernel.org/stable/c/e67b652d8e8591d3b1e569dbcdfcee15993e91fa

Exploit Prediction Scoring System (EPSS)

Percentile	0.00964
EPSS Score	9e-05
Published At	June 5, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-04T16:47:43.309928+00:00	Debian Importer	Import	https://security-tracker.debian.org/tracker/data/json	38.6.0