DEBIAN-CVE-2023-54115

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2023-54115
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54115.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-54115
Upstream
Published
2025-12-24T13:16:13.427Z
Modified
2025-12-25T11:20:25.260614Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved: pcmcia: rsrcnonstatic: Fix memory leak in nonstaticreleaseresourcedb() When nonstaticreleaseresourcedb() frees all resources associated with an PCMCIA socket, it forgets to free socketdata too, causing a memory leak observable with kmemleak: unreferenced object 0xc28d1000 (size 64): comm "systemd-udevd", pid 297, jiffies 4294898478 (age 194.484s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 f0 85 0e c3 00 00 00 00 ................ 00 00 00 00 0c 10 8d c2 00 00 00 00 00 00 00 00 ................ backtrace: [<ffda4245>] kmemcacheallocnode+0x2d7/0x4a0 [<7e51f0c8>] kmalloctrace+0x31/0xa4 [<d52b4ca0>] nonstaticinit+0x24/0x1a4 [pcmciarsrc] [<a2f13e08>] pcmciaregistersocket+0x200/0x35c [pcmciacore] [<a728be1b>] yentaprobe+0x4d8/0xa70 [yentasocket] [<c48fac39>] pcideviceprobe+0x99/0x194 [<84b7c690>] reallyprobe+0x181/0x45c [<8060fe6e>] _driverprobedevice+0x75/0x1f4 [<b9b76f43>] driverprobedevice+0x28/0xac [<648b766f>] _driverattach+0xeb/0x1e4 [<6e9659eb>] busforeachdev+0x61/0xb4 [<25a669f3>] driverattach+0x1e/0x28 [<d8671d6b>] busadddriver+0x102/0x20c [<df0d323c>] driverregister+0x5b/0x120 [<942cd8a4>] _pciregisterdriver+0x44/0x4c [<e536027e>] _UNIQUEIDaddressablecleanupmodule188+0x1c/0xfffff000 [iTCOvendorsupport] Fix this by freeing socketdata too. Tested on a Acer Travelmate 4002WLMi by manually binding/unbinding the yentacardbus driver (yenta_socket).

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.197-1

Affected versions

5.*
5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1
5.10.92-1
5.10.92-2
5.10.103-1~bpo10+1
5.10.103-1
5.10.106-1
5.10.113-1
5.10.120-1~bpo10+1
5.10.120-1
5.10.127-1
5.10.127-2~bpo10+1
5.10.127-2
5.10.136-1
5.10.140-1
5.10.148-1
5.10.149-1
5.10.149-2
5.10.158-1
5.10.158-2
5.10.162-1
5.10.178-1
5.10.178-2
5.10.178-3
5.10.179-1
5.10.179-2
5.10.179-3
5.10.179-4
5.10.179-5
5.10.191-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source 
"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54115.json"

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.1.52-1

Affected versions

6.*
6.1.27-1
6.1.37-1
6.1.38-1
6.1.38-2~bpo11+1
6.1.38-2
6.1.38-3
6.1.38-4~bpo11+1
6.1.38-4

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source 
"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54115.json"

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.4.13-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source 
"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54115.json"

Debian:14 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.4.13-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source 
"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54115.json"