CVE-2023-54040 — Missing Release of Resource after Effective Lifetime in Linux

CWE-772 — Missing Release of Resource after Effective Lifetime7 documents6 sources

Severity

5.5MEDIUM

No vector

EPSS

0.0%

top 92.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: ice: fix wrong fallback logic for FDIR When adding a FDIR filter, if ice_vc_fdir_set_irq_ctx returns failure, the inserted fdir entry will not be removed and if ice_vc_fdir_write_fltr returns failure, the fdir context info for irq handler will not be cleared which may lead to inconsistent or memory leak issue. This patch refines failure cases to resolve this issue.

Affected Packages4 packages

▶Linuxlinux/linux_kernel5.13.0 — 5.15.107+2

▶Debianlinux/linux_kernel< 6.1.25-1+2

▶CVEListV5linux/linux1f7ea1cd6a3748427512ccc9582e18cd9efea966 — 391d28c0e38c0e5b11a4240a2b4976cf63e87f45+4

▶debiandebian/linux< linux 6.1.25-1 (bookworm)

🔴Vulnerability Details

OSV

CVE-2023-54040: In the Linux kernel, the following vulnerability has been resolved: ice: fix wrong fallback logic for FDIR When adding a FDIR filter, if ice_vc_fdir_s↗2025-12-24

▶

GHSA

GHSA-jp7h-x2g7-335v: In the Linux kernel, the following vulnerability has been resolved: ice: fix wrong fallback logic for FDIR When adding a FDIR filter, if ice_vc_fdir↗2025-12-24

▶

OSV

ice: fix wrong fallback logic for FDIR↗2025-12-24

▶

📋Vendor Advisories

Red Hat

kernel: Linux kernel: Denial of Service due to incorrect FDIR filter fallback logic↗2025-12-24

▶

Debian

CVE-2023-54040: linux - In the Linux kernel, the following vulnerability has been resolved: ice: fix wr...↗2023

▶

🕵️Threat Intelligence

Wiz

CVE-2023-54040 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶