In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls.
Loading...
Loading...
Score 7.8 from GitHub Security Advisory (severity: HIGH) published 2023-02-28. NVD baseline CVSS 7.8; sources differ by 0.0.
A fix is available — apply it.
In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls.
February 28, 2023
May 5, 2025
| Vendor / Ecosystem | Fixed in / Patch | Released | Source |
|---|---|---|---|
| ubuntu | linux-virtual-hwe-18.04-edge (5.4.0.173.171) @ focal | 2026-05-25 | ubuntu |
| ubuntu | linux-tools-raspi-hwe-18.04-edge (5.4.0.1104.101) @ bionic | 2026-05-25 | ubuntu |
| ubuntu | linux-tools-azure-lts-20.04 (5.4.0.1126.119) @ focal | 2026-05-25 | ubuntu |
| ubuntu | linux-tools-intel-iotg (5.15.0.1050.50) @ jammy | 2026-05-25 | ubuntu |
| ubuntu | linux-virtual-hwe-20.04-edge (5.15.0.100.97) @ jammy | 2026-05-25 | ubuntu |
| ubuntu | linux-tools-oracle-edge (5.4.0.1119.128~18.04.91) @ bionic | 2026-05-25 | ubuntu |
| ubuntu | linux-tools-raspi-nolpae (5.15.0.1048.46) @ jammy | 2026-05-25 | ubuntu |
| ubuntu | linux-tools-oracle-lts-22.04 (5.15.0.1053.49) @ jammy | 2026-05-25 | ubuntu |
| ubuntu | linux-tools-aws-lts-20.04 (5.4.0.1120.117) @ focal | 2026-05-25 | ubuntu |
| ubuntu | linux-tools-kvm (5.15.0.1052.48) @ jammy | 2026-05-25 | ubuntu |
| ubuntu | linux-tools-aws-lts-22.04 (5.15.0.1056.55) @ jammy | 2026-05-25 | ubuntu |
Patches are aggregated from vendor advisories (Red Hat, Microsoft, Cisco, GitHub) and package ecosystems (OSV, GHSA). Multiple rows for the same upstream release have been deduplicated.
Every vendor that published an advisory referencing this CVE — pulled from our cve_vendor_advisories aggregation. Click any row for the vendor's original advisory page.
In the Linux kernel before 5.17 an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls.
Linux kernel vulnerabilities
Linux kernel vulnerabilities
Linux kernel vulnerabilities
Linux kernel (AWS) vulnerabilities
Linux kernel vulnerabilities
Linux kernel vulnerabilities
Linux kernel (Oracle) vulnerabilities
Linux kernel (KVM) vulnerabilities
Linux kernel (Intel IoTG) vulnerabilities
Linux kernel (AWS) vulnerabilities
Linux kernel (Azure) vulnerabilities
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
Explore the affected products and dependency analysis for CVE-2023-22995
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.