CVE-2023-53078

scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() If alua_rtpg_queue() failed from alua_activate(), then 'qdata' is not freed, which will cause following memleak: unreferenced object 0xffff88810b2c6980 (size 32): comm "kworker/u16:2", pid 635322, jiffies 4355801099 (age 1216426.076s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 40 39 24 c1 ff ff ff ff 00 f8 ea 0a 81 88 ff ff @9$............. backtrace: [<0000000098f3a26d>] alua_activate+0xb0/0x320 [<000000003b529641>] scsi_dh_activate+0xb2/0x140 [<000000007b296db3>] activate_path_work+0xc6/0xe0 [dm_multipath] [<000000007adc9ace>] process_one_work+0x3c5/0x730 [<00000000c457a985>] worker_thread+0x93/0x650 [<00000000cb80e628>] kthread+0x1ba/0x210 [<00000000a1e61077>] ret_from_fork+0x22/0x30 Fix the problem by freeing 'qdata' in error path.

N/A
CVSS
Severity:
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/123483df146492ca22b503ae6dacc2ce7c3a3974
https://git.kernel.org/stable/c/c110051d335ef7f62ad33474b0c23997fee5bfb5
https://git.kernel.org/stable/c/5c4d71424df34fc23dc5336d09394ce68c849542
https://git.kernel.org/stable/c/c09cdf6eb815ee35e55d6c50ac7f63db58bd20b8
https://git.kernel.org/stable/c/9311e7a554dffd3823499e309a8b86a5cd1540e5
https://git.kernel.org/stable/c/1c55982beb80c7d3c30278fc6cfda8496a31dbe6
https://git.kernel.org/stable/c/0d89254a4320eb7de0970c478172f764125c6355
https://git.kernel.org/stable/c/a13faca032acbf2699293587085293bdfaafc8ae

Frequently Asked Questions

What is the severity of CVE-2023-53078?
CVE-2023-53078 has not yet been assigned a CVSS score.
How to fix CVE-2023-53078?
To fix CVE-2023-53078, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-53078 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-53078 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-53078?
CVE-2023-53078 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.