CVE-2023-54020Missing Release of Memory after Effective Lifetime in Linux

7 documents6 sources
Severity
N/A
No vector
EPSS
0.0%
top 92.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: dmaengine: sf-pdma: pdma_desc memory leak fix Commit b2cc5c465c2c ("dmaengine: sf-pdma: Add multithread support for a DMA channel") changed sf_pdma_prep_dma_memcpy() to unconditionally allocate a new sf_pdma_desc each time it is called. The driver previously recycled descs, by checking the in_use flag, only allocating additional descs if the existing one was in use. This logic was removed in commit b2cc5c465c2c ("dmaengine: s

Affected Packages4 packages

Linuxlinux/linux_kernel5.16.06.1.16+2
Debianlinux/linux_kernel< 6.1.20-1+2
CVEListV5linux/linux5ab2782c944e324008ef5d658f2494a9f0e3c5acad222c9af25e3f074c180e389b3477dce42afc4f+7
debiandebian/linux< linux 6.1.20-1 (bookworm)

🔴Vulnerability Details

3
OSV
dmaengine: sf-pdma: pdma_desc memory leak fix2025-12-24
OSV
CVE-2023-54020: In the Linux kernel, the following vulnerability has been resolved: dmaengine: sf-pdma: pdma_desc memory leak fix Commit b2cc5c465c2c ("dmaengine: sf-2025-12-24
GHSA
GHSA-4cm4-vw36-jc7r: In the Linux kernel, the following vulnerability has been resolved: dmaengine: sf-pdma: pdma_desc memory leak fix Commit b2cc5c465c2c ("dmaengine: s2025-12-24

📋Vendor Advisories

2
Red Hat
kernel: dmaengine: sf-pdma: pdma_desc memory leak fix2025-12-24
Debian
CVE-2023-54020: linux - In the Linux kernel, the following vulnerability has been resolved: dmaengine: ...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54020 Impact, Exploitability, and Mitigation Steps | Wiz