DEBIAN-CVE-2023-54131

Source
https://security-tracker.debian.org/tracker/CVE-2023-54131
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54131.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-54131
Upstream
Published
2025-12-24T13:16:15.087Z
Modified
2025-12-25T11:20:28.040462Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: rt2x00: Fix memory leak when handling surveys

When removing a rt2x00 device, its associated channel surveys are not freed, causing a memory leak observable with kmemleak:

unreferenced object 0xffff9620f0881a00 (size 512):
  comm "systemd-udevd", pid 2290, jiffies 4294906974 (age 33.768s)
  hex dump (first 32 bytes):
    70 44 12 00 00 00 00 00 92 8a 00 00 00 00 00 00  pD..............
    00 00 00 00 00 00 00 00 ab 87 01 00 00 00 00 00  ................
  backtrace:
    [<ffffffffb0ed858b>] __kmalloc+0x4b/0x130
    [<ffffffffc1b0f29b>] rt2800_probe_hw+0xc2b/0x1380 [rt2800lib]
    [<ffffffffc1a9496e>] rt2800usb_probe_hw+0xe/0x60 [rt2800usb]
    [<ffffffffc1ae491a>] rt2x00lib_probe_dev+0x21a/0x7d0 [rt2x00lib]
    [<ffffffffc1b3b83e>] rt2x00usb_probe+0x1be/0x980 [rt2x00usb]
    [<ffffffffc05981e2>] usb_probe_interface+0xe2/0x310 [usbcore]
    [<ffffffffb13be2d5>] really_probe+0x1a5/0x410
    [<ffffffffb13be5c8>] __driver_probe_device+0x78/0x180
    [<ffffffffb13be6fe>] driver_probe_device+0x1e/0x90
    [<ffffffffb13be972>] __driver_attach+0xd2/0x1c0
    [<ffffffffb13bbc57>] bus_for_each_dev+0x77/0xd0
    [<ffffffffb13bd2a2>] bus_add_driver+0x112/0x210
    [<ffffffffb13bfc6c>] driver_register+0x5c/0x120
    [<ffffffffc0596ae8>] usb_register_driver+0x88/0x150 [usbcore]
    [<ffffffffb0c011c4>] do_one_initcall+0x44/0x220
    [<ffffffffb0d6134c>] do_init_module+0x4c/0x220

Fix this by freeing the channel surveys on device removal.

Tested with a RT3070 based USB wireless adapter.

References

Affected packages

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.1.37-1

Affected versions

6.*

6.1.27-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54131.json"

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.3.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54131.json"

Debian:14 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.3.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54131.json"