CVE-2023-53078

MEDIUM EPSS 5.7%
Published May 2, 20251y ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published May 2, 2025 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() If alua_rtpg_queue() failed from alua_activate(), then 'qdata' is not freed, which will cause following memleak: unreferenced object 0xffff88810b2c6980 (size 32): comm "kworker/u16:2", pid 635322, jiffies 4355801099 (age 1216426.076s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 40 39 24 c1 ff ff ff ff 00 f8 ea 0a 81 88 ff ff @9$............. backtrace: [<0000000098f3a26d>] alua_activate+0xb0/0x320 [<000000003b529641>] scsi_dh_activate+0xb2/0x140 [<000000007b296db3>] activate_path_work+0xc6/0xe0 [dm_multipath] [<000000007adc9ace>] process_one_work+0x3c5/0x730 [<00000000c457a985>] worker_thread+0x93/0x650 [<00000000cb80e628>] kthread+0x1ba/0x210 [<00000000a1e61077>] ret_from_fork+0x22/0x30 Fix the problem by freeing 'qdata' in error path.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
5.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-401

Affected Products 17

VendorProductVersionRange
linuxlinux_kernel*≥4.9.21  –  <4.10
linuxlinux_kernel*≥4.10.9  –  <4.11
linuxlinux_kernel*≥4.11.1  –  <4.14.312
linuxlinux_kernel*≥4.15  –  <4.19.280
linuxlinux_kernel*≥4.20  –  <5.4.240
linuxlinux_kernel*≥5.5  –  <5.10.177
linuxlinux_kernel*≥5.11  –  <5.15.105
linuxlinux_kernel*≥5.16  –  <6.1.22
linuxlinux_kernel*≥6.2  –  <6.2.9
linuxlinux_kernel4.11any
linuxlinux_kernel4.11any
linuxlinux_kernel4.11any
linuxlinux_kernel4.11any
linuxlinux_kernel4.11any
linuxlinux_kernel6.3any
linuxlinux_kernel6.3any
linuxlinux_kernel6.3any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/0d89254a4320eb7de0970c478172f764125c6355
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/123483df146492ca22b503ae6dacc2ce7c3a3974
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1c55982beb80c7d3c30278fc6cfda8496a31dbe6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5c4d71424df34fc23dc5336d09394ce68c849542
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9311e7a554dffd3823499e309a8b86a5cd1540e5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a13faca032acbf2699293587085293bdfaafc8ae
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c09cdf6eb815ee35e55d6c50ac7f63db58bd20b8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c110051d335ef7f62ad33474b0c23997fee5bfb5
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0d89254a4320eb7de0970c478172f764125c6355
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/123483df146492ca22b503ae6dacc2ce7c3a3974
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1c55982beb80c7d3c30278fc6cfda8496a31dbe6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5c4d71424df34fc23dc5336d09394ce68c849542
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9311e7a554dffd3823499e309a8b86a5cd1540e5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a13faca032acbf2699293587085293bdfaafc8ae
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c09cdf6eb815ee35e55d6c50ac7f63db58bd20b8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c110051d335ef7f62ad33474b0c23997fee5bfb5
    Patch