CVE-2023-54020
- Source
- https://cve.org/CVERecord?id=CVE-2023-54020
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-54020.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-54020
- Downstream
- Related
- Published
- 2025-12-24T10:55:50.583Z
- Modified
- 2026-03-20T12:33:24.484131Z
- Summary
- dmaengine: sf-pdma: pdma_desc memory leak fix
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: sf-pdma: pdma_desc memory leak fix
Commit b2cc5c465c2c ("dmaengine: sf-pdma: Add multithread support for a DMA channel") changed sfpdmaprepdmamemcpy() to unconditionally allocate a new sfpdmadesc each time it is called.
The driver previously recycled descs, by checking the inuse flag, only allocating additional descs if the existing one was in use. This logic was removed in commit b2cc5c465c2c ("dmaengine: sf-pdma: Add multithread support for a DMA channel"), but sfpdmafreedesc() was not changed to handle the new behaviour.
As a result, each time sfpdmaprepdmamemcpy() is called, the previous descriptor is leaked, over time leading to memory starvation:
unreferenced object 0xffffffe008447300 (size 192): comm "irq/39-mchpdsc", pid 343, jiffies 4294906910 (age 981.200s) hex dump (first 32 bytes): 00 00 00 ff 00 00 00 00 b8 c1 00 00 00 00 00 00 ................ 00 00 70 08 10 00 00 00 00 00 00 c0 00 00 00 00 ..p............. backtrace: [<00000000064a04f4>] kmemleakalloc+0x1e/0x28 [<00000000018927a7>] kmemcachealloc+0x11e/0x178 [<000000002aea8d16>] sfpdmaprepdmamemcpy+0x40/0x112
Add the missing kfree() to sfpdmafreedesc(), and remove the redundant inuse flag.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54020.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/03fece43fa109beba7cc9948c02f5e2d1205d607
- https://git.kernel.org/stable/c/8bd5040bd43f2b5ba3c898b09a3197a0c7ace126
- https://git.kernel.org/stable/c/ad222c9af25e3f074c180e389b3477dce42afc4f
- https://git.kernel.org/stable/c/b02e07015a5ac7bbc029da931ae17914b8ae0339
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54020.json
- https://nvd.nist.gov/vuln/detail/CVE-2023-54020
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced5ab2782c944e324008ef5d658f2494a9f0e3c5acFixedad222c9af25e3f074c180e389b3477dce42afc4f
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedb2cc5c465c2cb8ab697c3fd6583c614e3f6cfbccFixed03fece43fa109beba7cc9948c02f5e2d1205d607Fixed8bd5040bd43f2b5ba3c898b09a3197a0c7ace126Fixedb02e07015a5ac7bbc029da931ae17914b8ae0339
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedb9b4992f897be9b0b9e3a3b956cab6b75ccc3f11Last affected4c7350b1dd8a192af844de32fc99b9e34c876fdaLast affecteda93b3f1e11971a91b6441b6d47488f4492cc113f