|
Vulnerabilities
< Back

CVE-2023-54131

Updated on 24 Dec 2025

Severity

Awaiting Analysis

Details

Links
NISTCIRCLRHELUbuntu

Overview

About vulnerability

In the Linux kernel, the following vulnerability has been resolved:

wifi: rt2x00: Fix memory leak when handling surveys

When removing a rt2x00 device, its associated channel surveys are not freed, causing a memory leak observable with kmemleak:

unreferenced object 0xffff9620f0881a00 (size 512): comm “systemd-udevd”, pid 2290, jiffies 4294906974 (age 33.768s) hex dump (first 32 bytes): 70 44 12 00 00 00 00 00 92 8a 00 00 00 00 00 00 pD………….. 00 00 00 00 00 00 00 00 ab 87 01 00 00 00 00 00 ……………. backtrace: [] __kmalloc+0x4b/0x130 [] rt2800_probe_hw+0xc2b/0x1380 [rt2800lib] [] rt2800usb_probe_hw+0xe/0x60 [rt2800usb] [] rt2x00lib_probe_dev+0x21a/0x7d0 [rt2x00lib] [] rt2x00usb_probe+0x1be/0x980 [rt2x00usb] [] usb_probe_interface+0xe2/0x310 [usbcore] [] really_probe+0x1a5/0x410 [] __driver_probe_device+0x78/0x180 [] driver_probe_device+0x1e/0x90 [] __driver_attach+0xd2/0x1c0 [] bus_for_each_dev+0x77/0xd0 [] bus_add_driver+0x112/0x210 [] driver_register+0x5c/0x120 [] usb_register_driver+0x88/0x150 [usbcore] [] do_one_initcall+0x44/0x220 [] do_init_module+0x4c/0x220

Fix this by freeing the channel surveys on device removal.

Tested with a RT3070 based USB wireless adapter.

Details

Affected product:
AlmaLinux 9.2 ESU , CentOS 8.4 ELS , CentOS 8.5 ELS , CentOS Stream 8 ELS , TuxCare 9.6 ESU
Affected packages:
kernel @ 4.18.0 (+4 more)

In the Linux kernel, the following vulnerability has been resolved:

wifi: rt2x00: Fix memory leak when handling surveys

When removing a rt2x00 device, its associated channel surveys are not freed, causing a memory leak observable with kmemleak:

unreferenced object 0xffff9620f0881a00 (size 512): comm “systemd-udevd”, pid 2290, jiffies 4294906974 (age 33.768s) hex dump (first 32 bytes): 70 44 12 00 00 00 00 00 92 8a 00 00 00 00 00 00 pD………….. 00 00 00 00 00 00 00 00 ab 87 01 00 00 00 00 00 ……………. backtrace: [] __kmalloc+0x4b/0x130 [] rt2800_probe_hw+0xc2b/0x1380 [rt2800lib] [] rt2800usb_probe_hw+0xe/0x60 [rt2800usb] [] rt2x00lib_probe_dev+0x21a/0x7d0 [rt2x00lib] [] rt2x00usb_probe+0x1be/0x980 [rt2x00usb] [] usb_probe_interface+0xe2/0x310 [usbcore] [] really_probe+0x1a5/0x410 [] __driver_probe_device+0x78/0x180 [] driver_probe_device+0x1e/0x90 [] __driver_attach+0xd2/0x1c0 [] bus_for_each_dev+0x77/0xd0 [] bus_add_driver+0x112/0x210 [] driver_register+0x5c/0x120 [] usb_register_driver+0x88/0x150 [usbcore] [] do_one_initcall+0x44/0x220 [] do_init_module+0x4c/0x220

Fix this by freeing the channel surveys on device removal.

Tested with a RT3070 based USB wireless adapter.

Fixes