| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025122427-CVE-2023-54001-7e74@gregkh>
Date: Wed, 24 Dec 2025 11:56:45 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2023-54001: staging: r8712: Fix memory leak in _r8712_init_xmit_priv()
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
staging: r8712: Fix memory leak in _r8712_init_xmit_priv()
In the above mentioned routine, memory is allocated in several places.
If the first succeeds and a later one fails, the routine will leak memory.
This patch fixes commit 2865d42c78a9 ("staging: r8712u: Add the new driver
to the mainline kernel"). A potential memory leak in
r8712_xmit_resource_alloc() is also addressed.
The Linux kernel CVE team has assigned CVE-2023-54001 to this issue.
Affected and fixed versions
===========================
Issue introduced in 2.6.37 with commit 2865d42c78a9121caad52cb02d1fbb7f5cdbc4ef and fixed in 5.10.190 with commit fc511ae405f7ba29fbcb0246061ec15c272386e1
Issue introduced in 2.6.37 with commit 2865d42c78a9121caad52cb02d1fbb7f5cdbc4ef and fixed in 5.15.124 with commit acacdbe0f740ca8c5d5da73d50870903a3ded677
Issue introduced in 2.6.37 with commit 2865d42c78a9121caad52cb02d1fbb7f5cdbc4ef and fixed in 6.1.43 with commit 41e05572e871b10dbdc168c76175c97982daf4a4
Issue introduced in 2.6.37 with commit 2865d42c78a9121caad52cb02d1fbb7f5cdbc4ef and fixed in 6.4.8 with commit 874555472c736813ba1f4baf0b4c09c8e26d81ea
Issue introduced in 2.6.37 with commit 2865d42c78a9121caad52cb02d1fbb7f5cdbc4ef and fixed in 6.5 with commit ac83631230f77dda94154ed0ebfd368fc81c70a3
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2023-54001
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/staging/rtl8712/rtl871x_xmit.c
drivers/staging/rtl8712/xmit_linux.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/fc511ae405f7ba29fbcb0246061ec15c272386e1
https://git.kernel.org/stable/c/acacdbe0f740ca8c5d5da73d50870903a3ded677
https://git.kernel.org/stable/c/41e05572e871b10dbdc168c76175c97982daf4a4
https://git.kernel.org/stable/c/874555472c736813ba1f4baf0b4c09c8e26d81ea
https://git.kernel.org/stable/c/ac83631230f77dda94154ed0ebfd368fc81c70a3
Powered by blists - more mailing lists