CVE-2023-54154

EPSS 0.02%
Veröffentlicht 24.12.2025 13:07:04
Zuletzt bearbeitet 29.12.2025 15:58:13
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: core: Fix target_cmd_counter leak

The target_cmd_counter struct allocated via target_alloc_cmd_counter() is
never freed, resulting in leaks across various transport types, e.g.:

 unreferenced object 0xffff88801f920120 (size 96):
  comm "sh", pid 102, jiffies 4294892535 (age 713.412s)
  hex dump (first 32 bytes):
    07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 38 01 92 1f 80 88 ff ff  ........8.......
  backtrace:
    [<00000000e58a6252>] kmalloc_trace+0x11/0x20
    [<0000000043af4b2f>] target_alloc_cmd_counter+0x17/0x90 [target_core_mod]
    [<000000007da2dfa7>] target_setup_session+0x2d/0x140 [target_core_mod]
    [<0000000068feef86>] tcm_loop_tpg_nexus_store+0x19b/0x350 [tcm_loop]
    [<000000006a80e021>] configfs_write_iter+0xb1/0x120
    [<00000000e9f4d860>] vfs_write+0x2e4/0x3c0
    [<000000008143433b>] ksys_write+0x80/0xb0
    [<00000000a7df29b2>] do_syscall_64+0x42/0x90
    [<0000000053f45fb8>] entry_SYSCALL_64_after_hwframe+0x6e/0xd8

Free the structure alongside the corresponding iscsit_conn / se_sess
parent.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 1cd41d1669bcbc5052afa897f85608a62ff3fb30

Version 76b77646f17118f5babe93c032e6b7a53bbde3b9

Status affected

Version < f84639c5ac5f4f95b3992da1af4ff382ebf2e819

Version becd9be6069e7b183c084f460f0eb363e43cc487

Status affected

Version < d14e3e553e05cb763964c991fe6acb0a6a1c6f9c

Version becd9be6069e7b183c084f460f0eb363e43cc487

Status affected

Version bc5ebf93ae23a928303b3643c6f4c4da2f769e7c

Status affected

Version 1eaaf1b828cdaa58abccc68962d24005fd5e8852

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.4

Status affected

Version < 6.4

Version 0

Status unaffected

Version <= 6.1.*

Version 6.1.55

Status unaffected

Version <= 6.5.*

Version 6.5.5

Status unaffected

Version <= *

Version 6.6

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.058

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/1cd41d1669bcbc5052afa897f85608a62ff3fb30

https://git.kernel.org/stable/c/f84639c5ac5f4f95b3992da1af4ff382ebf2e819

https://git.kernel.org/stable/c/d14e3e553e05cb763964c991fe6acb0a6a1c6f9c

https://nvd.nist.gov/vuln/detail/CVE-2023-54154

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-54154

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-54154

EUVD