| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025122440-CVE-2023-54041-57f4@gregkh> Date: Wed, 24 Dec 2025 11:57:25 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-54041: io_uring: fix memory leak when removing provided buffers From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: io_uring: fix memory leak when removing provided buffers When removing provided buffers, io_buffer structs are not being disposed of, leading to a memory leak. They can't be freed individually, because they are allocated in page-sized groups. They need to be added to some free list instead, such as io_buffers_cache. All callers already hold the lock protecting it, apart from when destroying buffers, so had to extend the lock there. The Linux kernel CVE team has assigned CVE-2023-54041 to this issue. Affected and fixed versions =========================== Issue introduced in 5.18 with commit cc3cec8367cba76a8ae4c271eba8450f3efc1ba3 and fixed in 6.1.24 with commit ac48787f58d1068f4e06d627c1135784d64b4c72 Issue introduced in 5.18 with commit cc3cec8367cba76a8ae4c271eba8450f3efc1ba3 and fixed in 6.2.11 with commit c117c15927772d1624c29c092b6bd3f47c7faa48 Issue introduced in 5.18 with commit cc3cec8367cba76a8ae4c271eba8450f3efc1ba3 and fixed in 6.3 with commit b4a72c0589fdea6259720375426179888969d6a2 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-54041 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: io_uring/io_uring.c io_uring/kbuf.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/ac48787f58d1068f4e06d627c1135784d64b4c72 https://git.kernel.org/stable/c/c117c15927772d1624c29c092b6bd3f47c7faa48 https://git.kernel.org/stable/c/b4a72c0589fdea6259720375426179888969d6a2
Powered by blists - more mailing lists