DEBIAN-CVE-2023-54024

Source
https://security-tracker.debian.org/tracker/CVE-2023-54024
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54024.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-54024
Upstream
Published
2025-12-24T11:15:55.403Z
Modified
2025-12-25T11:19:45.347350Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

KVM: Destroy target device if coalesced MMIO unregistration fails

Destroy and free the target coalesced MMIO device if unregistering said device fails. As clearly noted in the code, kvm_io_bus_unregister_dev() does not destroy the target device.

    BUG: memory leak
    unreferenced object 0xffff888112a54880 (size 64):
      comm "syz-executor.2", pid 5258, jiffies 4297861402 (age 14.129s)
      hex dump (first 32 bytes):
        38 c7 67 15 00 c9 ff ff 38 c7 67 15 00 c9 ff ff  8.g.....8.g.....
        e0 c7 e1 83 ff ff ff ff 00 30 67 15 00 c9 ff ff  .........0g.....
      backtrace:
        [<0000000006995a8a>] kmalloc include/linux/slab.h:556 [inline]
        [<0000000006995a8a>] kzalloc include/linux/slab.h:690 [inline]
        [<0000000006995a8a>] kvm_vm_ioctl_register_coalesced_mmio+0x8e/0x3d0 arch/x86/kvm/../../../virt/kvm/coalesced_mmio.c:150
        [<00000000022550c2>] kvm_vm_ioctl+0x47d/0x1600 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3323
        [<000000008a75102f>] vfs_ioctl fs/ioctl.c:46 [inline]
        [<000000008a75102f>] file_ioctl fs/ioctl.c:509 [inline]
        [<000000008a75102f>] do_vfs_ioctl+0xbab/0x1160 fs/ioctl.c:696
        [<0000000080e3f669>] ksys_ioctl+0x76/0xa0 fs/ioctl.c:713
        [<0000000059ef4888>] __do_sys_ioctl fs/ioctl.c:720 [inline]
        [<0000000059ef4888>] __se_sys_ioctl fs/ioctl.c:718 [inline]
        [<0000000059ef4888>] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:718
        [<000000006444fa05>] do_syscall_64+0x9f/0x4e0 arch/x86/entry/common.c:290
        [<000000009a4ed50b>] entry_SYSCALL_64_after_hwframe+0x49/0xbe

    BUG: leak checking failed

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.10.178-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1
5.10.92-1
5.10.92-2
5.10.103-1~bpo10+1
5.10.103-1
5.10.106-1
5.10.113-1
5.10.120-1~bpo10+1
5.10.120-1
5.10.127-1
5.10.127-2~bpo10+1
5.10.127-2
5.10.136-1
5.10.140-1
5.10.148-1
5.10.149-1
5.10.149-2
5.10.158-1
5.10.158-2
5.10.162-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54024.json"

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.1.20-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54024.json"

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.1.20-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54024.json"

Debian:14 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.1.20-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54024.json"