CVE-2023-54154 — Missing Release of Resource after Effective Lifetime in Linux

CWE-772 — Missing Release of Resource after Effective Lifetime7 documents6 sources

Severity

5.5MEDIUM

No vector

EPSS

0.0%

top 93.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Fix target_cmd_counter leak The target_cmd_counter struct allocated via target_alloc_cmd_counter() is never freed, resulting in leaks across various transport types, e.g.: unreferenced object 0xffff88801f920120 (size 96): comm "sh", pid 102, jiffies 4294892535 (age 713.412s) hex dump (first 32 bytes): 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 38 01 92 1f 80 88…

Affected Packages4 packages

▶Linuxlinux/linux_kernel6.2.0 — 6.5.5+1

▶Debianlinux/linux_kernel< 6.1.55-1+2

▶CVEListV5linux/linux76b77646f17118f5babe93c032e6b7a53bbde3b9 — 1cd41d1669bcbc5052afa897f85608a62ff3fb30+5

▶debiandebian/linux< linux 6.1.55-1 (bookworm)

🔴Vulnerability Details

OSV

CVE-2023-54154: In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Fix target_cmd_counter leak The target_cmd_counter struct allo↗2025-12-24

▶

GHSA

GHSA-35f8-m7gp-7vmp: In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Fix target_cmd_counter leak The target_cmd_counter struct al↗2025-12-24

▶

OSV

scsi: target: core: Fix target_cmd_counter leak↗2025-12-24

▶

📋Vendor Advisories

Red Hat

kernel: Linux kernel: Denial of Service due to memory leak in target_cmd_counter↗2025-12-24

▶

Debian

CVE-2023-54154: linux - In the Linux kernel, the following vulnerability has been resolved: scsi: targe...↗2023

▶

🕵️Threat Intelligence

Wiz

CVE-2023-54154 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶