5.5
CVE-2023-53078
- EPSS 0.17%
- Veröffentlicht 02.05.2025 15:55:28
- Zuletzt bearbeitet 12.11.2025 20:49:25
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()
In the Linux kernel, the following vulnerability has been resolved:
scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()
If alua_rtpg_queue() failed from alua_activate(), then 'qdata' is not
freed, which will cause following memleak:
unreferenced object 0xffff88810b2c6980 (size 32):
comm "kworker/u16:2", pid 635322, jiffies 4355801099 (age 1216426.076s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
40 39 24 c1 ff ff ff ff 00 f8 ea 0a 81 88 ff ff @9$.............
backtrace:
[<0000000098f3a26d>] alua_activate+0xb0/0x320
[<000000003b529641>] scsi_dh_activate+0xb2/0x140
[<000000007b296db3>] activate_path_work+0xc6/0xe0 [dm_multipath]
[<000000007adc9ace>] process_one_work+0x3c5/0x730
[<00000000c457a985>] worker_thread+0x93/0x650
[<00000000cb80e628>] kthread+0x1ba/0x210
[<00000000a1e61077>] ret_from_fork+0x22/0x30
Fix the problem by freeing 'qdata' in error path.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 4.9.21 < 4.10
Linux ≫ Linux Kernel Version >= 4.10.9 < 4.11
Linux ≫ Linux Kernel Version >= 4.11.1 < 4.14.312
Linux ≫ Linux Kernel Version >= 4.15 < 4.19.280
Linux ≫ Linux Kernel Version >= 4.20 < 5.4.240
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.177
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.105
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.22
Linux ≫ Linux Kernel Version >= 6.2 < 6.2.9
Linux ≫ Linux Kernel Version4.11 Update-
Linux ≫ Linux Kernel Version4.11 Updaterc5
Linux ≫ Linux Kernel Version4.11 Updaterc6
Linux ≫ Linux Kernel Version4.11 Updaterc7
Linux ≫ Linux Kernel Version4.11 Updaterc8
Linux ≫ Linux Kernel Version6.3 Updaterc1
Linux ≫ Linux Kernel Version6.3 Updaterc2
Linux ≫ Linux Kernel Version6.3 Updaterc3
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.062 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://git.kernel.org/stable/c/123483df146492ca22b503ae6dacc2ce7c3a3974
https://git.kernel.org/stable/c/c110051d335ef7f62ad33474b0c23997fee5bfb5
https://git.kernel.org/stable/c/5c4d71424df34fc23dc5336d09394ce68c849542
https://git.kernel.org/stable/c/c09cdf6eb815ee35e55d6c50ac7f63db58bd20b8
https://git.kernel.org/stable/c/9311e7a554dffd3823499e309a8b86a5cd1540e5
https://git.kernel.org/stable/c/1c55982beb80c7d3c30278fc6cfda8496a31dbe6
https://git.kernel.org/stable/c/0d89254a4320eb7de0970c478172f764125c6355
https://git.kernel.org/stable/c/a13faca032acbf2699293587085293bdfaafc8ae