CVE-2023-53078
02.05.2025, 16:15
In the Linux kernel, the following vulnerability has been resolved:
scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()
If alua_rtpg_queue() failed from alua_activate(), then 'qdata' is not
freed, which will cause following memleak:
unreferenced object 0xffff88810b2c6980 (size 32):
comm "kworker/u16:2", pid 635322, jiffies 4355801099 (age 1216426.076s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
40 39 24 c1 ff ff ff ff 00 f8 ea 0a 81 88 ff ff @9$.............
backtrace:
[<0000000098f3a26d>] alua_activate+0xb0/0x320
[<000000003b529641>] scsi_dh_activate+0xb2/0x140
[<000000007b296db3>] activate_path_work+0xc6/0xe0 [dm_multipath]
[<000000007adc9ace>] process_one_work+0x3c5/0x730
[<00000000c457a985>] worker_thread+0x93/0x650
[<00000000cb80e628>] kthread+0x1ba/0x210
[<00000000a1e61077>] ret_from_fork+0x22/0x30
Fix the problem by freeing 'qdata' in error path.Enginsight| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 4.9.21 ≤ 𝑥 < 4.10 |
| linux | linux_kernel | 4.10.9 ≤ 𝑥 < 4.11 |
| linux | linux_kernel | 4.11.1 ≤ 𝑥 < 4.14.312 |
| linux | linux_kernel | 4.15 ≤ 𝑥 < 4.19.280 |
| linux | linux_kernel | 4.20 ≤ 𝑥 < 5.4.240 |
| linux | linux_kernel | 5.5 ≤ 𝑥 < 5.10.177 |
| linux | linux_kernel | 5.11 ≤ 𝑥 < 5.15.105 |
| linux | linux_kernel | 5.16 ≤ 𝑥 < 6.1.22 |
| linux | linux_kernel | 6.2 ≤ 𝑥 < 6.2.9 |
| linux | linux_kernel | 4.11 |
| linux | linux_kernel | 4.11:rc5 |
| linux | linux_kernel | 4.11:rc6 |
| linux | linux_kernel | 4.11:rc7 |
| linux | linux_kernel | 4.11:rc8 |
| linux | linux_kernel | 6.3:rc1 |
| linux | linux_kernel | 6.3:rc2 |
| linux | linux_kernel | 6.3:rc3 |
𝑥
= Vulnerable software versions
Debian Releases
Common Weakness Enumeration
References