CVE-2023-54154
- Source
- https://cve.org/CVERecord?id=CVE-2023-54154
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-54154.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-54154
- Downstream
- Related
- Published
- 2025-12-24T13:07:04.721Z
- Modified
- 2026-03-11T07:46:53.632090Z
- Summary
- scsi: target: core: Fix target_cmd_counter leak
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: core: Fix targetcmdcounter leak
The targetcmdcounter struct allocated via targetalloccmd_counter() is never freed, resulting in leaks across various transport types, e.g.:
unreferenced object 0xffff88801f920120 (size 96): comm "sh", pid 102, jiffies 4294892535 (age 713.412s) hex dump (first 32 bytes): 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 38 01 92 1f 80 88 ff ff ........8....... backtrace: [<00000000e58a6252>] kmalloctrace+0x11/0x20 [<0000000043af4b2f>] targetalloccmdcounter+0x17/0x90 [targetcoremod] [<000000007da2dfa7>] targetsetupsession+0x2d/0x140 [targetcoremod] [<0000000068feef86>] tcmlooptpgnexusstore+0x19b/0x350 [tcmloop] [<000000006a80e021>] configfswriteiter+0xb1/0x120 [<00000000e9f4d860>] vfswrite+0x2e4/0x3c0 [<000000008143433b>] ksyswrite+0x80/0xb0 [<00000000a7df29b2>] dosyscall64+0x42/0x90 [<0000000053f45fb8>] entrySYSCALL64after_hwframe+0x6e/0xd8
Free the structure alongside the corresponding iscsitconn / sesess parent.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54154.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/1cd41d1669bcbc5052afa897f85608a62ff3fb30
- https://git.kernel.org/stable/c/d14e3e553e05cb763964c991fe6acb0a6a1c6f9c
- https://git.kernel.org/stable/c/f84639c5ac5f4f95b3992da1af4ff382ebf2e819
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54154.json
- https://nvd.nist.gov/vuln/detail/CVE-2023-54154
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced76b77646f17118f5babe93c032e6b7a53bbde3b9Fixed1cd41d1669bcbc5052afa897f85608a62ff3fb30
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedbecd9be6069e7b183c084f460f0eb363e43cc487Fixedf84639c5ac5f4f95b3992da1af4ff382ebf2e819Fixedd14e3e553e05cb763964c991fe6acb0a6a1c6f9c
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedbc5ebf93ae23a928303b3643c6f4c4da2f769e7cLast affected1eaaf1b828cdaa58abccc68962d24005fd5e8852