ghsa-v5xj-7363-557x
Vulnerability from github
Published
2025-12-24 15:30
Modified
2025-12-24 15:30
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: rt2x00: Fix memory leak when handling surveys

When removing a rt2x00 device, its associated channel surveys are not freed, causing a memory leak observable with kmemleak:

unreferenced object 0xffff9620f0881a00 (size 512): comm "systemd-udevd", pid 2290, jiffies 4294906974 (age 33.768s) hex dump (first 32 bytes): 70 44 12 00 00 00 00 00 92 8a 00 00 00 00 00 00 pD.............. 00 00 00 00 00 00 00 00 ab 87 01 00 00 00 00 00 ................ backtrace: [] __kmalloc+0x4b/0x130 [] rt2800_probe_hw+0xc2b/0x1380 [rt2800lib] [] rt2800usb_probe_hw+0xe/0x60 [rt2800usb] [] rt2x00lib_probe_dev+0x21a/0x7d0 [rt2x00lib] [] rt2x00usb_probe+0x1be/0x980 [rt2x00usb] [] usb_probe_interface+0xe2/0x310 [usbcore] [] really_probe+0x1a5/0x410 [] __driver_probe_device+0x78/0x180 [] driver_probe_device+0x1e/0x90 [] __driver_attach+0xd2/0x1c0 [] bus_for_each_dev+0x77/0xd0 [] bus_add_driver+0x112/0x210 [] driver_register+0x5c/0x120 [] usb_register_driver+0x88/0x150 [usbcore] [] do_one_initcall+0x44/0x220 [] do_init_module+0x4c/0x220

Fix this by freeing the channel surveys on device removal.

Tested with a RT3070 based USB wireless adapter.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2023-54131"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-24T13:16:15Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rt2x00: Fix memory leak when handling surveys\n\nWhen removing a rt2x00 device, its associated channel surveys\nare not freed, causing a memory leak observable with kmemleak:\n\nunreferenced object 0xffff9620f0881a00 (size 512):\n  comm \"systemd-udevd\", pid 2290, jiffies 4294906974 (age 33.768s)\n  hex dump (first 32 bytes):\n    70 44 12 00 00 00 00 00 92 8a 00 00 00 00 00 00  pD..............\n    00 00 00 00 00 00 00 00 ab 87 01 00 00 00 00 00  ................\n  backtrace:\n    [\u003cffffffffb0ed858b\u003e] __kmalloc+0x4b/0x130\n    [\u003cffffffffc1b0f29b\u003e] rt2800_probe_hw+0xc2b/0x1380 [rt2800lib]\n    [\u003cffffffffc1a9496e\u003e] rt2800usb_probe_hw+0xe/0x60 [rt2800usb]\n    [\u003cffffffffc1ae491a\u003e] rt2x00lib_probe_dev+0x21a/0x7d0 [rt2x00lib]\n    [\u003cffffffffc1b3b83e\u003e] rt2x00usb_probe+0x1be/0x980 [rt2x00usb]\n    [\u003cffffffffc05981e2\u003e] usb_probe_interface+0xe2/0x310 [usbcore]\n    [\u003cffffffffb13be2d5\u003e] really_probe+0x1a5/0x410\n    [\u003cffffffffb13be5c8\u003e] __driver_probe_device+0x78/0x180\n    [\u003cffffffffb13be6fe\u003e] driver_probe_device+0x1e/0x90\n    [\u003cffffffffb13be972\u003e] __driver_attach+0xd2/0x1c0\n    [\u003cffffffffb13bbc57\u003e] bus_for_each_dev+0x77/0xd0\n    [\u003cffffffffb13bd2a2\u003e] bus_add_driver+0x112/0x210\n    [\u003cffffffffb13bfc6c\u003e] driver_register+0x5c/0x120\n    [\u003cffffffffc0596ae8\u003e] usb_register_driver+0x88/0x150 [usbcore]\n    [\u003cffffffffb0c011c4\u003e] do_one_initcall+0x44/0x220\n    [\u003cffffffffb0d6134c\u003e] do_init_module+0x4c/0x220\n\nFix this by freeing the channel surveys on device removal.\n\nTested with a RT3070 based USB wireless adapter.",
  "id": "GHSA-v5xj-7363-557x",
  "modified": "2025-12-24T15:30:39Z",
  "published": "2025-12-24T15:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-54131"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0354bce76ed1d775904acdb4cc0bf88c5b9b5b9f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/494064ffd60d044c097d514917c40913d1affbca"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bea3f8aa999318bdffa2d17753e492f76904f0ce"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cbef9a83c51dfcb07f77cfa6ac26f53a1ea86f49"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eb77c0c0a17c53d83b5fe8e46490fb0a7ed9e6af"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.