CVE-2023-54033Missing Release of Resource after Effective Lifetime in Linux

CWE-772Missing Release of Resource after Effective Lifetime7 documents6 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 92.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: fix a memory leak in the LRU and LRU_PERCPU hash maps The LRU and LRU_PERCPU maps allocate a new element on update before locking the target hash table bucket. Right after that the maps try to lock the bucket. If this fails, then maps return -EBUSY to the caller without releasing the allocated element. This makes the element untracked: it doesn't belong to either of free lists, and it doesn't belong to the hash table, so

Affected Packages4 packages

Linuxlinux/linux_kernel5.11.05.15.115+2
Debianlinux/linux_kernel< 6.1.37-1+2
CVEListV5linux/linux20b6cc34ea74b6a84599c1f8a70f3315b56a188379ea1a12fb9a8275b6e19d4ca625dd872dedcbb9+4
debiandebian/linux< linux 6.1.37-1 (bookworm)

🔴Vulnerability Details

3
OSV
bpf: fix a memory leak in the LRU and LRU_PERCPU hash maps2025-12-24
OSV
CVE-2023-54033: In the Linux kernel, the following vulnerability has been resolved: bpf: fix a memory leak in the LRU and LRU_PERCPU hash maps The LRU and LRU_PERCPU2025-12-24
GHSA
GHSA-hcpj-xwwg-jgh9: In the Linux kernel, the following vulnerability has been resolved: bpf: fix a memory leak in the LRU and LRU_PERCPU hash maps The LRU and LRU_PERCP2025-12-24

📋Vendor Advisories

2
Red Hat
kernel: kernel: Denial of Service via memory leak in LRU hash maps2025-12-24
Debian
CVE-2023-54033: linux - In the Linux kernel, the following vulnerability has been resolved: bpf: fix a ...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54033 Impact, Exploitability, and Mitigation Steps | Wiz