CVE-2023-53078

In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() If alua_rtpg_queue() failed from alua_activate(), then 'qdata' is not freed, which will cause following memleak: unreferenced object 0xffff88810b2c6980 (size 32): comm "kworker/u16:2", pid 635322, jiffies 4355801099 (age 1216426.076s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 40 39 24 c1 ff ff ff ff 00 f8 ea 0a 81 88 ff ff @9$............. backtrace: [<0000000098f3a26d>] alua_activate+0xb0/0x320 [<000000003b529641>] scsi_dh_activate+0xb2/0x140 [<000000007b296db3>] activate_path_work+0xc6/0xe0 [dm_multipath] [<000000007adc9ace>] process_one_work+0x3c5/0x730 [<00000000c457a985>] worker_thread+0x93/0x650 [<00000000cb80e628>] kthread+0x1ba/0x210 [<00000000a1e61077>] ret_from_fork+0x22/0x30 Fix the problem by freeing 'qdata' in error path.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/0d89254a4320eb7de0970c478172f764125c6355	Patch
https://git.kernel.org/stable/c/123483df146492ca22b503ae6dacc2ce7c3a3974	Patch
https://git.kernel.org/stable/c/1c55982beb80c7d3c30278fc6cfda8496a31dbe6	Patch
https://git.kernel.org/stable/c/5c4d71424df34fc23dc5336d09394ce68c849542	Patch
https://git.kernel.org/stable/c/9311e7a554dffd3823499e309a8b86a5cd1540e5	Patch
https://git.kernel.org/stable/c/a13faca032acbf2699293587085293bdfaafc8ae	Patch
https://git.kernel.org/stable/c/c09cdf6eb815ee35e55d6c50ac7f63db58bd20b8	Patch
https://git.kernel.org/stable/c/c110051d335ef7f62ad33474b0c23997fee5bfb5	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:4.11:-::::::
	cpe:2.3:o:linux:linux_kernel:4.11:rc5::::::
	cpe:2.3:o:linux:linux_kernel:4.11:rc6::::::
	cpe:2.3:o:linux:linux_kernel:4.11:rc7::::::
	cpe:2.3:o:linux:linux_kernel:4.11:rc8::::::
	cpe:2.3:o:linux:linux_kernel:6.3:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.3:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.3:rc3::::::

History

12 Nov 2025, 20:49

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/0d89254a4320eb7de0970c478172f764125c6355 -~~	() https://git.kernel.org/stable/c/0d89254a4320eb7de0970c478172f764125c6355 - Patch
References	~~() https://git.kernel.org/stable/c/123483df146492ca22b503ae6dacc2ce7c3a3974 -~~	() https://git.kernel.org/stable/c/123483df146492ca22b503ae6dacc2ce7c3a3974 - Patch
References	~~() https://git.kernel.org/stable/c/1c55982beb80c7d3c30278fc6cfda8496a31dbe6 -~~	() https://git.kernel.org/stable/c/1c55982beb80c7d3c30278fc6cfda8496a31dbe6 - Patch
References	~~() https://git.kernel.org/stable/c/5c4d71424df34fc23dc5336d09394ce68c849542 -~~	() https://git.kernel.org/stable/c/5c4d71424df34fc23dc5336d09394ce68c849542 - Patch
References	~~() https://git.kernel.org/stable/c/9311e7a554dffd3823499e309a8b86a5cd1540e5 -~~	() https://git.kernel.org/stable/c/9311e7a554dffd3823499e309a8b86a5cd1540e5 - Patch
References	~~() https://git.kernel.org/stable/c/a13faca032acbf2699293587085293bdfaafc8ae -~~	() https://git.kernel.org/stable/c/a13faca032acbf2699293587085293bdfaafc8ae - Patch
References	~~() https://git.kernel.org/stable/c/c09cdf6eb815ee35e55d6c50ac7f63db58bd20b8 -~~	() https://git.kernel.org/stable/c/c09cdf6eb815ee35e55d6c50ac7f63db58bd20b8 - Patch
References	~~() https://git.kernel.org/stable/c/c110051d335ef7f62ad33474b0c23997fee5bfb5 -~~	() https://git.kernel.org/stable/c/c110051d335ef7f62ad33474b0c23997fee5bfb5 - Patch
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
First Time		Linux Linux linux Kernel
CPE		cpe:2.3:o:linux:linux_kernel:4.11:rc7:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.3:rc1:::::: cpe:2.3:o:linux:linux_kernel:4.11:rc8:::::: cpe:2.3:o:linux:linux_kernel:6.3:rc2:::::: cpe:2.3:o:linux:linux_kernel:4.11:rc5:::::: cpe:2.3:o:linux:linux_kernel:4.11:-:::::: cpe:2.3:o:linux:linux_kernel:4.11:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.3:rc3::::::
CWE		CWE-401

05 May 2025, 20:54

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: scsi_dh_alua: Se corrige la fuga de memoria para 'qdata' en alua_activate(). Si alua_rtpg_queue() falla desde alua_activate(), entonces 'qdata' no se libera, lo que causará la siguiente fuga de memoria: objeto sin referencia 0xffff88810b2c6980 (tamaño 32): comm "kworker/u16:2", pid 635322, jiffies 4355801099 (edad 1216426.076s) volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 40 39 24 c1 ff ff ff ff 00 f8 ea 0a 81 88 ff ff @9$............. backtrace: [<0000000098f3a26d>] alua_activate+0xb0/0x320 [<000000003b529641>] scsi_dh_activate+0xb2/0x140 [<000000007b296db3>] activate_path_work+0xc6/0xe0 [dm_multipath] [<000000007adc9ace>] process_one_work+0x3c5/0x730 [<00000000c457a985>] worker_thread+0x93/0x650 [<00000000cb80e628>] kthread+0x1ba/0x210 [<00000000a1e61077>] ret_from_fork+0x22/0x30 Solucione el problema liberando 'qdata' en la ruta de error.

02 May 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-02 16:15

Updated : 2025-11-12 20:49

NVD link : CVE-2023-53078

Mitre link : CVE-2023-53078

CVE.ORG link : CVE-2023-53078

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

5.5 /10