fkie_cve-2023-54131
Vulnerability from fkie_nvd
Published
2025-12-24 13:16
Modified
2025-12-24 13:16
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: wifi: rt2x00: Fix memory leak when handling surveys When removing a rt2x00 device, its associated channel surveys are not freed, causing a memory leak observable with kmemleak: unreferenced object 0xffff9620f0881a00 (size 512): comm "systemd-udevd", pid 2290, jiffies 4294906974 (age 33.768s) hex dump (first 32 bytes): 70 44 12 00 00 00 00 00 92 8a 00 00 00 00 00 00 pD.............. 00 00 00 00 00 00 00 00 ab 87 01 00 00 00 00 00 ................ backtrace: [<ffffffffb0ed858b>] __kmalloc+0x4b/0x130 [<ffffffffc1b0f29b>] rt2800_probe_hw+0xc2b/0x1380 [rt2800lib] [<ffffffffc1a9496e>] rt2800usb_probe_hw+0xe/0x60 [rt2800usb] [<ffffffffc1ae491a>] rt2x00lib_probe_dev+0x21a/0x7d0 [rt2x00lib] [<ffffffffc1b3b83e>] rt2x00usb_probe+0x1be/0x980 [rt2x00usb] [<ffffffffc05981e2>] usb_probe_interface+0xe2/0x310 [usbcore] [<ffffffffb13be2d5>] really_probe+0x1a5/0x410 [<ffffffffb13be5c8>] __driver_probe_device+0x78/0x180 [<ffffffffb13be6fe>] driver_probe_device+0x1e/0x90 [<ffffffffb13be972>] __driver_attach+0xd2/0x1c0 [<ffffffffb13bbc57>] bus_for_each_dev+0x77/0xd0 [<ffffffffb13bd2a2>] bus_add_driver+0x112/0x210 [<ffffffffb13bfc6c>] driver_register+0x5c/0x120 [<ffffffffc0596ae8>] usb_register_driver+0x88/0x150 [usbcore] [<ffffffffb0c011c4>] do_one_initcall+0x44/0x220 [<ffffffffb0d6134c>] do_init_module+0x4c/0x220 Fix this by freeing the channel surveys on device removal. Tested with a RT3070 based USB wireless adapter.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/0354bce76ed1d775904acdb4cc0bf88c5b9b5b9f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/494064ffd60d044c097d514917c40913d1affbca
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/bea3f8aa999318bdffa2d17753e492f76904f0ce
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/cbef9a83c51dfcb07f77cfa6ac26f53a1ea86f49
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/eb77c0c0a17c53d83b5fe8e46490fb0a7ed9e6af
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rt2x00: Fix memory leak when handling surveys\n\nWhen removing a rt2x00 device, its associated channel surveys\nare not freed, causing a memory leak observable with kmemleak:\n\nunreferenced object 0xffff9620f0881a00 (size 512):\n  comm \"systemd-udevd\", pid 2290, jiffies 4294906974 (age 33.768s)\n  hex dump (first 32 bytes):\n    70 44 12 00 00 00 00 00 92 8a 00 00 00 00 00 00  pD..............\n    00 00 00 00 00 00 00 00 ab 87 01 00 00 00 00 00  ................\n  backtrace:\n    [\u003cffffffffb0ed858b\u003e] __kmalloc+0x4b/0x130\n    [\u003cffffffffc1b0f29b\u003e] rt2800_probe_hw+0xc2b/0x1380 [rt2800lib]\n    [\u003cffffffffc1a9496e\u003e] rt2800usb_probe_hw+0xe/0x60 [rt2800usb]\n    [\u003cffffffffc1ae491a\u003e] rt2x00lib_probe_dev+0x21a/0x7d0 [rt2x00lib]\n    [\u003cffffffffc1b3b83e\u003e] rt2x00usb_probe+0x1be/0x980 [rt2x00usb]\n    [\u003cffffffffc05981e2\u003e] usb_probe_interface+0xe2/0x310 [usbcore]\n    [\u003cffffffffb13be2d5\u003e] really_probe+0x1a5/0x410\n    [\u003cffffffffb13be5c8\u003e] __driver_probe_device+0x78/0x180\n    [\u003cffffffffb13be6fe\u003e] driver_probe_device+0x1e/0x90\n    [\u003cffffffffb13be972\u003e] __driver_attach+0xd2/0x1c0\n    [\u003cffffffffb13bbc57\u003e] bus_for_each_dev+0x77/0xd0\n    [\u003cffffffffb13bd2a2\u003e] bus_add_driver+0x112/0x210\n    [\u003cffffffffb13bfc6c\u003e] driver_register+0x5c/0x120\n    [\u003cffffffffc0596ae8\u003e] usb_register_driver+0x88/0x150 [usbcore]\n    [\u003cffffffffb0c011c4\u003e] do_one_initcall+0x44/0x220\n    [\u003cffffffffb0d6134c\u003e] do_init_module+0x4c/0x220\n\nFix this by freeing the channel surveys on device removal.\n\nTested with a RT3070 based USB wireless adapter."
    }
  ],
  "id": "CVE-2023-54131",
  "lastModified": "2025-12-24T13:16:15.087",
  "metrics": {},
  "published": "2025-12-24T13:16:15.087",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/0354bce76ed1d775904acdb4cc0bf88c5b9b5b9f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/494064ffd60d044c097d514917c40913d1affbca"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/bea3f8aa999318bdffa2d17753e492f76904f0ce"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/cbef9a83c51dfcb07f77cfa6ac26f53a1ea86f49"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/eb77c0c0a17c53d83b5fe8e46490fb0a7ed9e6af"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Received"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.