CVE-2023-54275 — Missing Release of Resource after Effective Lifetime in Linux

CWE-772 — Missing Release of Resource after Effective Lifetime7 documents6 sources

Severity

5.7MEDIUM

No vector

EPSS

0.0%

top 92.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup crypto_alloc_shash() allocates resources, which should be released by crypto_free_shash(). When ath11k_peer_find() fails, there has memory leak. Add missing crypto_free_shash() to fix this.

Affected Packages4 packages

▶Linuxlinux/linux_kernel5.7.0 — 5.10.173+3

▶Debianlinux/linux_kernel< 5.10.178-1+3

▶CVEListV5linux/linux243874c64c8137bc90455200a7735da72836ecab — 137963e3b95776f1d57c62f249a93fe47e019a22+5

▶debiandebian/linux< linux 6.1.20-1 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-fg5h-p8w5-653v: In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup crypto_alloc_shash()↗2025-12-30

▶

OSV

wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup↗2025-12-30

▶

OSV

CVE-2023-54275: In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup crypto_alloc_shash() al↗2025-12-30

▶

📋Vendor Advisories

Red Hat

kernel: Linux kernel: Memory leak in ath11k Wi-Fi driver leads to Denial of Service↗2025-12-30

▶

Debian

CVE-2023-54275: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: ath11...↗2023

▶

🕵️Threat Intelligence

Wiz

CVE-2023-54275 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶