CVE-2023-54209Missing Release of Resource after Effective Lifetime in Linux

CWE-772Missing Release of Resource after Effective Lifetime7 documents6 sources
Severity
4.4MEDIUM
No vector
EPSS
0.0%
top 92.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: block: fix blktrace debugfs entries leakage Commit 99d055b4fd4b ("block: remove per-disk debugfs files in blk_unregister_queue") moves blk_trace_shutdown() from blk_release_queue() to blk_unregister_queue(), this is safe if blktrace is created through sysfs, however, there is a regression in corner case. blktrace can still be enabled after del_gendisk() through ioctl if the disk is opened before del_gendisk(), and if blktrace

Affected Packages4 packages

Linuxlinux/linux_kernel5.19.06.1.39+2
Debianlinux/linux_kernel< 6.1.52-1+2
CVEListV5linux/linux99d055b4fd4bbb309c6cdb51a0d420669f777944aa07e56c6a9c7558165690d14eed4fe8babf34fb+4
debiandebian/linux< linux 6.1.52-1 (bookworm)

🔴Vulnerability Details

3
GHSA
GHSA-mxfp-7rqw-mqhc: In the Linux kernel, the following vulnerability has been resolved: block: fix blktrace debugfs entries leakage Commit 99d055b4fd4b ("block: remove2025-12-30
OSV
block: fix blktrace debugfs entries leakage2025-12-30
OSV
CVE-2023-54209: In the Linux kernel, the following vulnerability has been resolved: block: fix blktrace debugfs entries leakage Commit 99d055b4fd4b ("block: remove pe2025-12-30

📋Vendor Advisories

2
Red Hat
kernel: block: fix blktrace debugfs entries leakage2025-12-30
Debian
CVE-2023-54209: linux - In the Linux kernel, the following vulnerability has been resolved: block: fix ...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54209 Impact, Exploitability, and Mitigation Steps | Wiz