CVE-2023-53078
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()
If alua_rtpg_queue() failed from alua_activate(), then 'qdata' is not freed, which will cause following memleak:
unreferenced object 0xffff88810b2c6980 (size 32): comm "kworker/u16:2", pid 635322, jiffies 4355801099 (age 1216426.076s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ……………. 40 39 24 c1 ff ff ff ff 00 f8 ea 0a 81 88 ff ff @9$…………. backtrace: [<0000000098f3a26d>] alua_activate+0xb0/0x320 [<000000003b529641>] scsi_dh_activate+0xb2/0x140 [<000000007b296db3>] activate_path_work+0xc6/0xe0 [dm_multipath] [<000000007adc9ace>] process_one_work+0x3c5/0x730 [<00000000c457a985>] worker_thread+0x93/0x650 [<00000000cb80e628>] kthread+0x1ba/0x210 [<00000000a1e61077>] ret_from_fork+0x22/0x30
Fix the problem by freeing 'qdata' in error path.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 625fe857e4fac6518716f3c0ff5e5deb8ec6d238 < 123483df146492ca22b503ae6dacc2ce7c3a3974 | affected |
| Linux | Linux | 625fe857e4fac6518716f3c0ff5e5deb8ec6d238 < c110051d335ef7f62ad33474b0c23997fee5bfb5 | affected |
| Linux | Linux | 625fe857e4fac6518716f3c0ff5e5deb8ec6d238 < 5c4d71424df34fc23dc5336d09394ce68c849542 | affected |
| Linux | Linux | 625fe857e4fac6518716f3c0ff5e5deb8ec6d238 < c09cdf6eb815ee35e55d6c50ac7f63db58bd20b8 | affected |
| Linux | Linux | 625fe857e4fac6518716f3c0ff5e5deb8ec6d238 < 9311e7a554dffd3823499e309a8b86a5cd1540e5 | affected |
| Linux | Linux | 625fe857e4fac6518716f3c0ff5e5deb8ec6d238 < 1c55982beb80c7d3c30278fc6cfda8496a31dbe6 | affected |
| Linux | Linux | 625fe857e4fac6518716f3c0ff5e5deb8ec6d238 < 0d89254a4320eb7de0970c478172f764125c6355 | affected |
| Linux | Linux | 625fe857e4fac6518716f3c0ff5e5deb8ec6d238 < a13faca032acbf2699293587085293bdfaafc8ae | affected |
| Linux | Linux | 68b275b7cbf065a8ea9b964cbb7d78d2b63c635f | affected |
| Linux | Linux | 2b1725d1df362499f6bbd5a7e245a4090b29c2bb | affected |
| Linux | Linux | 4.9.21 < 4.10 | affected |
| Linux | Linux | 4.10.9 < 4.11 | affected |
| Linux | Linux | 4.11 | affected |
| Linux | Linux | 0 < 4.11 | unaffected |
| Linux | Linux | 4.14.312 <= 4.14.* | unaffected |
| Linux | Linux | 4.19.280 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.240 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.177 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.105 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.22 <= 6.1.* | unaffected |
| Linux | Linux | 6.2.9 <= 6.2.* | unaffected |
| Linux | Linux | 6.3 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/123483df146492ca22b503ae6dacc2ce7c3a3974
- https://git.kernel.org/stable/c/c110051d335ef7f62ad33474b0c23997fee5bfb5
- https://git.kernel.org/stable/c/5c4d71424df34fc23dc5336d09394ce68c849542
- https://git.kernel.org/stable/c/c09cdf6eb815ee35e55d6c50ac7f63db58bd20b8
- https://git.kernel.org/stable/c/9311e7a554dffd3823499e309a8b86a5cd1540e5
- https://git.kernel.org/stable/c/1c55982beb80c7d3c30278fc6cfda8496a31dbe6
- https://git.kernel.org/stable/c/0d89254a4320eb7de0970c478172f764125c6355
- https://git.kernel.org/stable/c/a13faca032acbf2699293587085293bdfaafc8ae
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.