CVE-2023-54024: Missing Release of Resource after Effective Lifetime in Linux

Severity
5.5 MEDIUM
No vector
EPSS
0.0%
top 89.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Dec 24

Description

In the Linux kernel, the following vulnerability has been resolved:

KVM: Destroy target device if coalesced MMIO unregistration fails

Destroy and free the target coalesced MMIO device if unregistering said device fails. As clearly noted in the code, kvm_io_bus_unregister_dev() does not destroy the target device.

BUG: memory leak
unreferenced object 0xffff888112a54880 (size 64):
  comm "syz-executor.2", pid 5258, jiffies 4297861402 (age 14.129s)
  hex dump (first 32 bytes):
    38 c7 67 15 00 c9 ff ff

Affected Packages (4 packages)

Linux | linux/linux_kernel | 5.5.0 | 5.10.173 | +4
Debian | linux/linux_kernel | < 5.10.178-1 | +3
CVEListV5 | linux/linux | 7d1bc32d6477ff96a32695ea4be8144e4513ab2d | 10c2a20d73e99463e69b7e92706791656adc16d7 | +8
debian | debian/linux | < linux 6.1.20-1 (bookworm)

🔴 Vulnerability Details

3
OSV
KVM: Destroy target device if coalesced MMIO unregistration fails (2025-12-24)
OSV
CVE-2023-54024: In the Linux kernel, the following vulnerability has been resolved: KVM: Destroy target device if coalesced MMIO unregistration fails Destroy and free (2025-12-24)
GHSA
GHSA-93rr-243g-pg85: In the Linux kernel, the following vulnerability has been resolved: KVM: Destroy target device if coalesced MMIO unregistration fails Destroy and fr (2025-12-24)

📋 Vendor Advisories

2
Red Hat
kernel: Linux kernel KVM: Memory leak via coalesced MMIO unregistration failure (2025-12-24)
Debian
CVE-2023-54024: linux - In the Linux kernel, the following vulnerability has been resolved: KVM: Destro... (2023)

🕵️ Threat Intelligence

1
Wiz
CVE-2023-54024 Impact, Exploitability, and Mitigation Steps | Wiz