ghsa-35f8-m7gp-7vmp
Vulnerability from github
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: core: Fix target_cmd_counter leak
The target_cmd_counter struct allocated via target_alloc_cmd_counter() is never freed, resulting in leaks across various transport types, e.g.:
unreferenced object 0xffff88801f920120 (size 96): comm "sh", pid 102, jiffies 4294892535 (age 713.412s) hex dump (first 32 bytes): 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 38 01 92 1f 80 88 ff ff ........8....... backtrace: [<00000000e58a6252>] kmalloc_trace+0x11/0x20 [<0000000043af4b2f>] target_alloc_cmd_counter+0x17/0x90 [target_core_mod] [<000000007da2dfa7>] target_setup_session+0x2d/0x140 [target_core_mod] [<0000000068feef86>] tcm_loop_tpg_nexus_store+0x19b/0x350 [tcm_loop] [<000000006a80e021>] configfs_write_iter+0xb1/0x120 [<00000000e9f4d860>] vfs_write+0x2e4/0x3c0 [<000000008143433b>] ksys_write+0x80/0xb0 [<00000000a7df29b2>] do_syscall_64+0x42/0x90 [<0000000053f45fb8>] entry_SYSCALL_64_after_hwframe+0x6e/0xd8
Free the structure alongside the corresponding iscsit_conn / se_sess parent.
{
"affected": [],
"aliases": [
"CVE-2023-54154"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-24T13:16:17Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: core: Fix target_cmd_counter leak\n\nThe target_cmd_counter struct allocated via target_alloc_cmd_counter() is\nnever freed, resulting in leaks across various transport types, e.g.:\n\n unreferenced object 0xffff88801f920120 (size 96):\n comm \"sh\", pid 102, jiffies 4294892535 (age 713.412s)\n hex dump (first 32 bytes):\n 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 38 01 92 1f 80 88 ff ff ........8.......\n backtrace:\n [\u003c00000000e58a6252\u003e] kmalloc_trace+0x11/0x20\n [\u003c0000000043af4b2f\u003e] target_alloc_cmd_counter+0x17/0x90 [target_core_mod]\n [\u003c000000007da2dfa7\u003e] target_setup_session+0x2d/0x140 [target_core_mod]\n [\u003c0000000068feef86\u003e] tcm_loop_tpg_nexus_store+0x19b/0x350 [tcm_loop]\n [\u003c000000006a80e021\u003e] configfs_write_iter+0xb1/0x120\n [\u003c00000000e9f4d860\u003e] vfs_write+0x2e4/0x3c0\n [\u003c000000008143433b\u003e] ksys_write+0x80/0xb0\n [\u003c00000000a7df29b2\u003e] do_syscall_64+0x42/0x90\n [\u003c0000000053f45fb8\u003e] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\nFree the structure alongside the corresponding iscsit_conn / se_sess\nparent.",
"id": "GHSA-35f8-m7gp-7vmp",
"modified": "2025-12-24T15:30:40Z",
"published": "2025-12-24T15:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-54154"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1cd41d1669bcbc5052afa897f85608a62ff3fb30"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d14e3e553e05cb763964c991fe6acb0a6a1c6f9c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f84639c5ac5f4f95b3992da1af4ff382ebf2e819"
}
],
"schema_version": "1.4.0",
"severity": []
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.