{
  "threat_severity" : "Moderate",
  "public_date" : "2025-05-02T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()",
    "id" : "2363707",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2363707"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nscsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()\nIf alua_rtpg_queue() fails when called from alua_activate(), 'qdata' is not\nfreed, which causes the following memory leak:\nunreferenced object 0xffff88810b2c6980 (size 32):\ncomm \"kworker/u16:2\", pid 635322, jiffies 4355801099 (age 1216426.076s)\nhex dump (first 32 bytes):\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n40 39 24 c1 ff ff ff ff 00 f8 ea 0a 81 88 ff ff  @9$.............\nbacktrace:\n[<0000000098f3a26d>] alua_activate+0xb0/0x320\n[<000000003b529641>] scsi_dh_activate+0xb2/0x140\n[<000000007b296db3>] activate_path_work+0xc6/0xe0 [dm_multipath]\n[<000000007adc9ace>] process_one_work+0x3c5/0x730\n[<00000000c457a985>] worker_thread+0x93/0x650\n[<00000000cb80e628>] kthread+0x1ba/0x210\n[<00000000a1e61077>] ret_from_fork+0x22/0x30\nFix the problem by freeing 'qdata' in the error path." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-11-14T00:00:00Z",
    "advisory" : "RHSA-2023:7077",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-513.5.1.el8_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53078\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53078\nhttps://lore.kernel.org/linux-cve-announce/2025050216-CVE-2023-53078-45e1@gregkh/T" ],
  "name" : "CVE-2023-53078",
  "csaw" : false
}