CVE-2023-54294 — Missing Release of Resource after Effective Lifetime in Linux

CWE-772 — Missing Release of Resource after Effective Lifetime7 documents6 sources

Severity

3.3LOW

No vector

EPSS

0.0%

top 89.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix memleak of md thread In raid10_run(), if setup_conf() succeed and raid10_run() failed before setting 'mddev->thread', then in the error path 'conf->thread' is not freed. Fix the problem by setting 'mddev->thread' right after setup_conf().

Affected Packages4 packages

▶Linuxlinux/linux_kernel4.16.0 — 4.19.283+6

▶Debianlinux/linux_kernel< 5.10.191-1+3

▶CVEListV5linux/linux43a521238aca0e24d50add1db125a61bda2a3527 — abf4d67060c8f63caff096e5fca1564bfef1e5d4+8

▶debiandebian/linux< linux 6.1.37-1 (bookworm)

🔴Vulnerability Details

OSV

md/raid10: fix memleak of md thread↗2025-12-30

▶

OSV

CVE-2023-54294: In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix memleak of md thread In raid10_run(), if setup_conf() succeed and r↗2025-12-30

▶

GHSA

GHSA-cpq6-27xg-r565: In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix memleak of md thread In raid10_run(), if setup_conf() succeed and↗2025-12-30

▶

📋Vendor Advisories

Red Hat

kernel: md/raid10: fix memleak of md thread↗2025-12-30

▶

Debian

CVE-2023-54294: linux - In the Linux kernel, the following vulnerability has been resolved: md/raid10: ...↗2023

▶

🕵️Threat Intelligence

Wiz

CVE-2023-54294 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶