CVE-2023-54041Missing Release of Resource after Effective Lifetime in Linux

CWE-772Missing Release of Resource after Effective Lifetime7 documents6 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 93.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix memory leak when removing provided buffers When removing provided buffers, io_buffer structs are not being disposed of, leading to a memory leak. They can't be freed individually, because they are allocated in page-sized groups. They need to be added to some free list instead, such as io_buffers_cache. All callers already hold the lock protecting it, apart from when destroying buffers, so had to extend the lock t

Affected Packages4 packages

Linuxlinux/linux_kernel5.18.06.1.24+1
Debianlinux/linux_kernel< 6.1.25-1+2
CVEListV5linux/linuxcc3cec8367cba76a8ae4c271eba8450f3efc1ba3ac48787f58d1068f4e06d627c1135784d64b4c72+3
debiandebian/linux< linux 6.1.25-1 (bookworm)

🔴Vulnerability Details

3
GHSA
GHSA-g296-6qj4-g8f8: In the Linux kernel, the following vulnerability has been resolved: io_uring: fix memory leak when removing provided buffers When removing provided2025-12-24
OSV
CVE-2023-54041: In the Linux kernel, the following vulnerability has been resolved: io_uring: fix memory leak when removing provided buffers When removing provided bu2025-12-24
OSV
io_uring: fix memory leak when removing provided buffers2025-12-24

📋Vendor Advisories

2
Red Hat
kernel: Linux kernel: Memory leak in io_uring can lead to denial of service2025-12-24
Debian
CVE-2023-54041: linux - In the Linux kernel, the following vulnerability has been resolved: io_uring: f...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54041 Impact, Exploitability, and Mitigation Steps | Wiz