-

CVE-2023-54050

EPSS 0.05%
Veröffentlicht 24.12.2025 12:23:00
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

ubifs: Fix memleak when insert_old_idx() failed

In the Linux kernel, the following vulnerability has been resolved:

ubifs: Fix memleak when insert_old_idx() failed

Following process will cause a memleak for copied up znode:

dirty_cow_znode
  zn = copy_znode(c, znode);
  err = insert_old_idx(c, zbr->lnum, zbr->offs);
  if (unlikely(err))
     return ERR_PTR(err);   // No one refers to zn.

Fetch a reproducer in [Link].

Function copy_znode() is split into 2 parts: resource allocation
and znode replacement, insert_old_idx() is split in similar way,
so resource cleanup could be done in error handling path without
corrupting metadata(mem & disk).
It's okay that old index inserting is put behind of add_idx_dirt(),
old index is used in layout_leb_in_gaps(), so the two processes do
not depend on each other.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

CNA 2 VulnDex Vulnerability Enrichment 11

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d

Version < cc29c7216d7f057eb0613b97dc38c7e1962a88d2

Status affected

Version 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d

Version < 6f2eee5457bc48b0426dedfd78cdbdea241a6edb

Status affected

Version 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d

Version < 66e9f2fb3e753f820bec2a98e8c6387029988320

Status affected

Version 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d

Version < 3ae75f82c33fa1b4ca2006b55c84f4ef4a428d4d

Status affected

Version 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d

Version < ef9aac603659e9ffe7d69ae16e3f0fc0991a965b

Status affected

Version 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d

Version < 79079cebbeed624b9d01cfcf1e3254ae1a1f6e14

Status affected

Version 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d

Version < a6da0ab9847779e05a7416c7a98148b549de69ef

Status affected

Version 1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d

Version < b5fda08ef213352ac2df7447611eb4d383cce929

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 2.6.27

Status affected

Version 0

Version < 2.6.27

Status unaffected

Version <= 4.19.*

Version 4.19.283

Status unaffected

Version <= 5.4.*

Version 5.4.243

Status unaffected

Version <= 5.10.*

Version 5.10.180

Status unaffected

Version <= 5.15.*

Version 5.15.111

Status unaffected

Version <= 6.1.*

Version 6.1.28

Status unaffected

Version <= 6.2.*

Version 6.2.15

Status unaffected

Version <= 6.3.*

Version 6.3.2

Status unaffected

Version <= *

Version 6.4

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.144

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/cc29c7216d7f057eb0613b97dc38c7e1962a88d2

https://git.kernel.org/stable/c/6f2eee5457bc48b0426dedfd78cdbdea241a6edb

https://git.kernel.org/stable/c/66e9f2fb3e753f820bec2a98e8c6387029988320

https://git.kernel.org/stable/c/3ae75f82c33fa1b4ca2006b55c84f4ef4a428d4d

https://git.kernel.org/stable/c/ef9aac603659e9ffe7d69ae16e3f0fc0991a965b

https://git.kernel.org/stable/c/79079cebbeed624b9d01cfcf1e3254ae1a1f6e14

https://git.kernel.org/stable/c/a6da0ab9847779e05a7416c7a98148b549de69ef

https://git.kernel.org/stable/c/b5fda08ef213352ac2df7447611eb4d383cce929

https://nvd.nist.gov/vuln/detail/CVE-2023-54050

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-54050

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-54050

EUVD