CVE-2023-53078
- Source
- https://cve.org/CVERecord?id=CVE-2023-53078
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53078.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-53078
- Downstream
- Related
- Published
- 2025-05-02T15:55:28.246Z
- Modified
- 2026-04-11T12:46:40.792779Z
- Summary
- scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
scsi: scsidhalua: Fix memleak for 'qdata' in alua_activate()
If aluartpgqueue() failed from alua_activate(), then 'qdata' is not freed, which will cause following memleak:
unreferenced object 0xffff88810b2c6980 (size 32): comm "kworker/u16:2", pid 635322, jiffies 4355801099 (age 1216426.076s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 40 39 24 c1 ff ff ff ff 00 f8 ea 0a 81 88 ff ff @9$............. backtrace: [<0000000098f3a26d>] aluaactivate+0xb0/0x320 [<000000003b529641>] scsidhactivate+0xb2/0x140 [<000000007b296db3>] activatepathwork+0xc6/0xe0 [dmmultipath] [<000000007adc9ace>] processonework+0x3c5/0x730 [<00000000c457a985>] workerthread+0x93/0x650 [<00000000cb80e628>] kthread+0x1ba/0x210 [<00000000a1e61077>] retfrom_fork+0x22/0x30
Fix the problem by freeing 'qdata' in error path.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53078.json" }- References
-
- https://git.kernel.org/stable/c/0d89254a4320eb7de0970c478172f764125c6355
- https://git.kernel.org/stable/c/123483df146492ca22b503ae6dacc2ce7c3a3974
- https://git.kernel.org/stable/c/1c55982beb80c7d3c30278fc6cfda8496a31dbe6
- https://git.kernel.org/stable/c/5c4d71424df34fc23dc5336d09394ce68c849542
- https://git.kernel.org/stable/c/9311e7a554dffd3823499e309a8b86a5cd1540e5
- https://git.kernel.org/stable/c/a13faca032acbf2699293587085293bdfaafc8ae
- https://git.kernel.org/stable/c/c09cdf6eb815ee35e55d6c50ac7f63db58bd20b8
- https://git.kernel.org/stable/c/c110051d335ef7f62ad33474b0c23997fee5bfb5
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53078.json
- https://nvd.nist.gov/vuln/detail/CVE-2023-53078
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced625fe857e4fac6518716f3c0ff5e5deb8ec6d238Fixed123483df146492ca22b503ae6dacc2ce7c3a3974Fixedc110051d335ef7f62ad33474b0c23997fee5bfb5Fixed5c4d71424df34fc23dc5336d09394ce68c849542Fixedc09cdf6eb815ee35e55d6c50ac7f63db58bd20b8Fixed9311e7a554dffd3823499e309a8b86a5cd1540e5Fixed1c55982beb80c7d3c30278fc6cfda8496a31dbe6Fixed0d89254a4320eb7de0970c478172f764125c6355Fixeda13faca032acbf2699293587085293bdfaafc8ae
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected68b275b7cbf065a8ea9b964cbb7d78d2b63c635fLast affected2b1725d1df362499f6bbd5a7e245a4090b29c2bb
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced4.11.0Fixed4.14.312
- Type
- ECOSYSTEM
- Events
-
Introduced4.15.0Fixed4.19.280
- Type
- ECOSYSTEM
- Events
-
Introduced4.20.0Fixed5.4.240
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.177
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.105
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.22
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.2.9