CVE-2023-54227Missing Release of Resource after Effective Lifetime in Linux

CWE-772Missing Release of Resource after Effective Lifetime7 documents6 sources
Severity
3.3LOW
No vector
EPSS
0.0%
top 92.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix tags leak when shrink nr_hw_queues Although we don't need to realloc set->tags[] when shrink nr_hw_queues, we need to free them. Or these tags will be leaked. How to reproduce: 1. mount -t configfs configfs /mnt 2. modprobe null_blk nr_devices=0 submit_queues=8 3. mkdir /mnt/nullb/nullb0 4. echo 1 > /mnt/nullb/nullb0/power 5. echo 4 > /mnt/nullb/nullb0/submit_queues 6. rmdir /mnt/nullb/nullb0 In step 4, will allo

Affected Packages4 packages

Linuxlinux/linux_kernel5.16.06.5.5
Debianlinux/linux_kernel< 6.5.6-1+1
CVEListV5linux/linuxa846a8e6c9a5949582c5a6a8bbc83a7d27fd891ec0ef7493e68b8896806a2f598fcffbaa97333405+2
debiandebian/linux< linux 6.5.6-1 (forky)

🔴Vulnerability Details

3
GHSA
GHSA-5vch-5hxh-2rq8: In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix tags leak when shrink nr_hw_queues Although we don't need to realloc2025-12-30
OSV
blk-mq: fix tags leak when shrink nr_hw_queues2025-12-30
OSV
CVE-2023-54227: In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix tags leak when shrink nr_hw_queues Although we don't need to realloc s2025-12-30

📋Vendor Advisories

2
Red Hat
kernel: blk-mq: fix tags leak when shrink nr_hw_queues2025-12-30
Debian
CVE-2023-54227: linux - In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54227 Impact, Exploitability, and Mitigation Steps | Wiz