CVE-2023-54036: Missing Release of Resource after Effective Lifetime in Linux

Severity: 5.5 MEDIUM (No vector)
EPSS: 0.0% (top 92.57%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 24

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU

The wifi + bluetooth combo chip RTL8723BU can leak memory (especially?) when it's connected to a bluetooth audio device. The busy bluetooth traffic generates lots of C2H (card to host) messages, which are not freed correctly.

To fix this, move the dev_kfree_skb() call in rtl8xxxu_c2hcmd_callback() inside the loop where skb_dequeue() is called.

The RTL8192EU leaks mem

Affected Packages (4 packages)

Linux | linux/linux_kernel | 5.5.0 | 5.10.173 | +3
Debian | linux/linux_kernel | < 5.10.178-1 | +3
CVEListV5 | linux/linux | e542e66b7c2ee2adeefdbb7f259f2f60cadf2819 | 430f9f9bec53a75f9ccc53e156a66f13fc098b83 | +5
debian | debian/linux | < linux 6.1.20-1 (bookworm)

🔴 Vulnerability Details (3)

OSV: CVE-2023-54036: In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU The wifi + bluetooth co (2025-12-24)
OSV: wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU (2025-12-24)
GHSA: GHSA-j3w7-7qhh-rrr2: In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU The wifi + bluetooth (2025-12-24)

📋 Vendor Advisories (2)

Red Hat: kernel: Linux kernel: Denial of Service due to memory leak in rtl8xxxu Wi-Fi driver (2025-12-24)
Debian: CVE-2023-54036: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8x... (2023)

🕵️ Threat Intelligence (1)

Wiz: CVE-2023-54036 Impact, Exploitability, and Mitigation Steps | Wiz