CVE-2023-54020

24.12.2025, 11:15

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: sf-pdma: pdma_desc memory leak fix

Commit b2cc5c465c2c ("dmaengine: sf-pdma: Add multithread support for a
DMA channel") changed sf_pdma_prep_dma_memcpy() to unconditionally
allocate a new sf_pdma_desc each time it is called.

The driver previously recycled descs, by checking the in_use flag, only
allocating additional descs if the existing one was in use. This logic
was removed in commit b2cc5c465c2c ("dmaengine: sf-pdma: Add multithread
support for a DMA channel"), but sf_pdma_free_desc() was not changed to
handle the new behaviour.

As a result, each time sf_pdma_prep_dma_memcpy() is called, the previous
descriptor is leaked, over time leading to memory starvation:

  unreferenced object 0xffffffe008447300 (size 192):
  comm "irq/39-mchp_dsc", pid 343, jiffies 4294906910 (age 981.200s)
  hex dump (first 32 bytes):
    00 00 00 ff 00 00 00 00 b8 c1 00 00 00 00 00 00  ................
    00 00 70 08 10 00 00 00 00 00 00 c0 00 00 00 00  ..p.............
  backtrace:
    [<00000000064a04f4>] kmemleak_alloc+0x1e/0x28
    [<00000000018927a7>] kmem_cache_alloc+0x11e/0x178
    [<000000002aea8d16>] sf_pdma_prep_dma_memcpy+0x40/0x112

Add the missing kfree() to sf_pdma_free_desc(), and remove the redundant
in_use flag.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

linux

bullseye	vulnerable
bullseye (security)	vulnerable
bookworm	6.1.148-1 fixed
bookworm (security)	6.1.158-1 fixed
trixie	6.12.57-1 fixed
trixie (security)	6.12.48-1 fixed
forky	6.17.12-1 fixed
sid	6.17.13-1 fixed

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um nicht näher spezifizierte Angriffe durchzuführen, die möglicherweise zu einer Denial-of-Service- Bedingung führen oder eine Speicherbeschädigung verursachen können.
Published: 2025-12-23T23:00:00+00:00

References

https://git.kernel.org/stable/c/03fece43fa109beba7cc9948c02f5e2d1205d607

https://git.kernel.org/stable/c/8bd5040bd43f2b5ba3c898b09a3197a0c7ace126

https://git.kernel.org/stable/c/ad222c9af25e3f074c180e389b3477dce42afc4f

https://git.kernel.org/stable/c/b02e07015a5ac7bbc029da931ae17914b8ae0339