{
  "threat_severity" : "Low",
  "public_date" : "2025-09-18T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: bpf: cpumap: Fix memory leak in cpu_map_update_elem",
    "id" : "2396508",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2396508"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-772",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nbpf: cpumap: Fix memory leak in cpu_map_update_elem\nSyzkaller reported a memory leak as follows:\nBUG: memory leak\nunreferenced object 0xff110001198ef748 (size 192):\ncomm \"syz-executor.3\", pid 17672, jiffies 4298118891 (age 9.906s)\nhex dump (first 32 bytes):\n00 00 00 00 4a 19 00 00 80 ad e3 e4 fe ff c0 00  ....J...........\n00 b2 d3 0c 01 00 11 ff 28 f5 8e 19 01 00 11 ff  ........(.......\nbacktrace:\n[<ffffffffadd28087>] __cpu_map_entry_alloc+0xf7/0xb00\n[<ffffffffadd28d8e>] cpu_map_update_elem+0x2fe/0x3d0\n[<ffffffffadc6d0fd>] bpf_map_update_value.isra.0+0x2bd/0x520\n[<ffffffffadc7349b>] map_update_elem+0x4cb/0x720\n[<ffffffffadc7d983>] __se_sys_bpf+0x8c3/0xb90\n[<ffffffffb029cc80>] do_syscall_64+0x30/0x40\n[<ffffffffb0400099>] entry_SYSCALL_64_after_hwframe+0x61/0xc6\nBUG: memory leak\nunreferenced object 0xff110001198ef528 (size 192):\ncomm \"syz-executor.3\", pid 17672, jiffies 4298118891 (age 9.906s)\nhex dump (first 32 bytes):\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\nbacktrace:\n[<ffffffffadd281f0>] __cpu_map_entry_alloc+0x260/0xb00\n[<ffffffffadd28d8e>] cpu_map_update_elem+0x2fe/0x3d0\n[<ffffffffadc6d0fd>] bpf_map_update_value.isra.0+0x2bd/0x520\n[<ffffffffadc7349b>] map_update_elem+0x4cb/0x720\n[<ffffffffadc7d983>] __se_sys_bpf+0x8c3/0xb90\n[<ffffffffb029cc80>] do_syscall_64+0x30/0x40\n[<ffffffffb0400099>] entry_SYSCALL_64_after_hwframe+0x61/0xc6\nBUG: memory leak\nunreferenced object 0xff1100010fd93d68 (size 8):\ncomm \"syz-executor.3\", pid 17672, jiffies 4298118891 (age 9.906s)\nhex dump (first 8 bytes):\n00 00 00 00 00 00 00 00                          ........\nbacktrace:\n[<ffffffffade5db3e>] kvmalloc_node+0x11e/0x170\n[<ffffffffadd28280>] __cpu_map_entry_alloc+0x2f0/0xb00\n[<ffffffffadd28d8e>] cpu_map_update_elem+0x2fe/0x3d0\n[<ffffffffadc6d0fd>] bpf_map_update_value.isra.0+0x2bd/0x520\n[<ffffffffadc7349b>] map_update_elem+0x4cb/0x720\n[<ffffffffadc7d983>] __se_sys_bpf+0x8c3/0xb90\n[<ffffffffb029cc80>] do_syscall_64+0x30/0x40\n[<ffffffffb0400099>] entry_SYSCALL_64_after_hwframe+0x61/0xc6\nIn the cpu_map_update_elem flow, when kthread_stop is called before\ncalling the threadfn of rcpu->kthread, since the KTHREAD_SHOULD_STOP bit\nof kthread has been set by kthread_stop, the threadfn of rcpu->kthread\nwill never be executed, and rcpu->refcnt will never be 0, which will\nlead to the allocated rcpu, rcpu->queue and rcpu->queue->queue cannot be\nreleased.\nCalling kthread_stop before executing kthread's threadfn will return\n-EINTR. We can complete the release of memory resources in this state." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-05-22T00:00:00Z",
    "advisory" : "RHSA-2024:3138",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-553.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53441\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53441\nhttps://lore.kernel.org/linux-cve-announce/2025091859-CVE-2023-53441-0641@gregkh/T" ],
  "name" : "CVE-2023-53441",
  "csaw" : false
}