CVE-2023-54131 (GCVE-0-2023-54131)
Vulnerability from cvelistv5
Published
2025-12-24 13:06
Modified
2025-12-24 13:06
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: wifi: rt2x00: Fix memory leak when handling surveys When removing a rt2x00 device, its associated channel surveys are not freed, causing a memory leak observable with kmemleak: unreferenced object 0xffff9620f0881a00 (size 512): comm "systemd-udevd", pid 2290, jiffies 4294906974 (age 33.768s) hex dump (first 32 bytes): 70 44 12 00 00 00 00 00 92 8a 00 00 00 00 00 00 pD.............. 00 00 00 00 00 00 00 00 ab 87 01 00 00 00 00 00 ................ backtrace: [<ffffffffb0ed858b>] __kmalloc+0x4b/0x130 [<ffffffffc1b0f29b>] rt2800_probe_hw+0xc2b/0x1380 [rt2800lib] [<ffffffffc1a9496e>] rt2800usb_probe_hw+0xe/0x60 [rt2800usb] [<ffffffffc1ae491a>] rt2x00lib_probe_dev+0x21a/0x7d0 [rt2x00lib] [<ffffffffc1b3b83e>] rt2x00usb_probe+0x1be/0x980 [rt2x00usb] [<ffffffffc05981e2>] usb_probe_interface+0xe2/0x310 [usbcore] [<ffffffffb13be2d5>] really_probe+0x1a5/0x410 [<ffffffffb13be5c8>] __driver_probe_device+0x78/0x180 [<ffffffffb13be6fe>] driver_probe_device+0x1e/0x90 [<ffffffffb13be972>] __driver_attach+0xd2/0x1c0 [<ffffffffb13bbc57>] bus_for_each_dev+0x77/0xd0 [<ffffffffb13bd2a2>] bus_add_driver+0x112/0x210 [<ffffffffb13bfc6c>] driver_register+0x5c/0x120 [<ffffffffc0596ae8>] usb_register_driver+0x88/0x150 [usbcore] [<ffffffffb0c011c4>] do_one_initcall+0x44/0x220 [<ffffffffb0d6134c>] do_init_module+0x4c/0x220 Fix this by freeing the channel surveys on device removal. Tested with a RT3070 based USB wireless adapter.
References
Impacted products
Vendor Product Version
Linux Linux Version: 5447626910f5b8d964761ed4fa4feaf1a3ac47d0
Version: 5447626910f5b8d964761ed4fa4feaf1a3ac47d0
Version: 5447626910f5b8d964761ed4fa4feaf1a3ac47d0
Version: 5447626910f5b8d964761ed4fa4feaf1a3ac47d0
Version: 5447626910f5b8d964761ed4fa4feaf1a3ac47d0
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/ralink/rt2x00/rt2x00dev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "eb77c0c0a17c53d83b5fe8e46490fb0a7ed9e6af",
              "status": "affected",
              "version": "5447626910f5b8d964761ed4fa4feaf1a3ac47d0",
              "versionType": "git"
            },
            {
              "lessThan": "bea3f8aa999318bdffa2d17753e492f76904f0ce",
              "status": "affected",
              "version": "5447626910f5b8d964761ed4fa4feaf1a3ac47d0",
              "versionType": "git"
            },
            {
              "lessThan": "494064ffd60d044c097d514917c40913d1affbca",
              "status": "affected",
              "version": "5447626910f5b8d964761ed4fa4feaf1a3ac47d0",
              "versionType": "git"
            },
            {
              "lessThan": "0354bce76ed1d775904acdb4cc0bf88c5b9b5b9f",
              "status": "affected",
              "version": "5447626910f5b8d964761ed4fa4feaf1a3ac47d0",
              "versionType": "git"
            },
            {
              "lessThan": "cbef9a83c51dfcb07f77cfa6ac26f53a1ea86f49",
              "status": "affected",
              "version": "5447626910f5b8d964761ed4fa4feaf1a3ac47d0",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/ralink/rt2x00/rt2x00dev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.11"
            },
            {
              "lessThan": "5.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.111",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.28",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.15",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.3.*",
              "status": "unaffected",
              "version": "6.3.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.4",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.111",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.28",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.15",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3.2",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rt2x00: Fix memory leak when handling surveys\n\nWhen removing a rt2x00 device, its associated channel surveys\nare not freed, causing a memory leak observable with kmemleak:\n\nunreferenced object 0xffff9620f0881a00 (size 512):\n  comm \"systemd-udevd\", pid 2290, jiffies 4294906974 (age 33.768s)\n  hex dump (first 32 bytes):\n    70 44 12 00 00 00 00 00 92 8a 00 00 00 00 00 00  pD..............\n    00 00 00 00 00 00 00 00 ab 87 01 00 00 00 00 00  ................\n  backtrace:\n    [\u003cffffffffb0ed858b\u003e] __kmalloc+0x4b/0x130\n    [\u003cffffffffc1b0f29b\u003e] rt2800_probe_hw+0xc2b/0x1380 [rt2800lib]\n    [\u003cffffffffc1a9496e\u003e] rt2800usb_probe_hw+0xe/0x60 [rt2800usb]\n    [\u003cffffffffc1ae491a\u003e] rt2x00lib_probe_dev+0x21a/0x7d0 [rt2x00lib]\n    [\u003cffffffffc1b3b83e\u003e] rt2x00usb_probe+0x1be/0x980 [rt2x00usb]\n    [\u003cffffffffc05981e2\u003e] usb_probe_interface+0xe2/0x310 [usbcore]\n    [\u003cffffffffb13be2d5\u003e] really_probe+0x1a5/0x410\n    [\u003cffffffffb13be5c8\u003e] __driver_probe_device+0x78/0x180\n    [\u003cffffffffb13be6fe\u003e] driver_probe_device+0x1e/0x90\n    [\u003cffffffffb13be972\u003e] __driver_attach+0xd2/0x1c0\n    [\u003cffffffffb13bbc57\u003e] bus_for_each_dev+0x77/0xd0\n    [\u003cffffffffb13bd2a2\u003e] bus_add_driver+0x112/0x210\n    [\u003cffffffffb13bfc6c\u003e] driver_register+0x5c/0x120\n    [\u003cffffffffc0596ae8\u003e] usb_register_driver+0x88/0x150 [usbcore]\n    [\u003cffffffffb0c011c4\u003e] do_one_initcall+0x44/0x220\n    [\u003cffffffffb0d6134c\u003e] do_init_module+0x4c/0x220\n\nFix this by freeing the channel surveys on device removal.\n\nTested with a RT3070 based USB wireless adapter."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-24T13:06:48.227Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/eb77c0c0a17c53d83b5fe8e46490fb0a7ed9e6af"
        },
        {
          "url": "https://git.kernel.org/stable/c/bea3f8aa999318bdffa2d17753e492f76904f0ce"
        },
        {
          "url": "https://git.kernel.org/stable/c/494064ffd60d044c097d514917c40913d1affbca"
        },
        {
          "url": "https://git.kernel.org/stable/c/0354bce76ed1d775904acdb4cc0bf88c5b9b5b9f"
        },
        {
          "url": "https://git.kernel.org/stable/c/cbef9a83c51dfcb07f77cfa6ac26f53a1ea86f49"
        }
      ],
      "title": "wifi: rt2x00: Fix memory leak when handling surveys",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-54131",
    "datePublished": "2025-12-24T13:06:48.227Z",
    "dateReserved": "2025-12-24T13:02:52.521Z",
    "dateUpdated": "2025-12-24T13:06:48.227Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-54131\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-24T13:16:15.087\",\"lastModified\":\"2025-12-24T13:16:15.087\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nwifi: rt2x00: Fix memory leak when handling surveys\\n\\nWhen removing a rt2x00 device, its associated channel surveys\\nare not freed, causing a memory leak observable with kmemleak:\\n\\nunreferenced object 0xffff9620f0881a00 (size 512):\\n  comm \\\"systemd-udevd\\\", pid 2290, jiffies 4294906974 (age 33.768s)\\n  hex dump (first 32 bytes):\\n    70 44 12 00 00 00 00 00 92 8a 00 00 00 00 00 00  pD..............\\n    00 00 00 00 00 00 00 00 ab 87 01 00 00 00 00 00  ................\\n  backtrace:\\n    [\u003cffffffffb0ed858b\u003e] __kmalloc+0x4b/0x130\\n    [\u003cffffffffc1b0f29b\u003e] rt2800_probe_hw+0xc2b/0x1380 [rt2800lib]\\n    [\u003cffffffffc1a9496e\u003e] rt2800usb_probe_hw+0xe/0x60 [rt2800usb]\\n    [\u003cffffffffc1ae491a\u003e] rt2x00lib_probe_dev+0x21a/0x7d0 [rt2x00lib]\\n    [\u003cffffffffc1b3b83e\u003e] rt2x00usb_probe+0x1be/0x980 [rt2x00usb]\\n    [\u003cffffffffc05981e2\u003e] usb_probe_interface+0xe2/0x310 [usbcore]\\n    [\u003cffffffffb13be2d5\u003e] really_probe+0x1a5/0x410\\n    [\u003cffffffffb13be5c8\u003e] __driver_probe_device+0x78/0x180\\n    [\u003cffffffffb13be6fe\u003e] driver_probe_device+0x1e/0x90\\n    [\u003cffffffffb13be972\u003e] __driver_attach+0xd2/0x1c0\\n    [\u003cffffffffb13bbc57\u003e] bus_for_each_dev+0x77/0xd0\\n    [\u003cffffffffb13bd2a2\u003e] bus_add_driver+0x112/0x210\\n    [\u003cffffffffb13bfc6c\u003e] driver_register+0x5c/0x120\\n    [\u003cffffffffc0596ae8\u003e] usb_register_driver+0x88/0x150 [usbcore]\\n    [\u003cffffffffb0c011c4\u003e] do_one_initcall+0x44/0x220\\n    [\u003cffffffffb0d6134c\u003e] do_init_module+0x4c/0x220\\n\\nFix this by freeing the channel surveys on device removal.\\n\\nTested with a RT3070 based USB wireless adapter.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0354bce76ed1d775904acdb4cc0bf88c5b9b5b9f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/494064ffd60d044c097d514917c40913d1affbca\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/bea3f8aa999318bdffa2d17753e492f76904f0ce\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/cbef9a83c51dfcb07f77cfa6ac26f53a1ea86f49\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/eb77c0c0a17c53d83b5fe8e46490fb0a7ed9e6af\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.