{
  "threat_severity" : "Low",
  "public_date" : "2025-10-04T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: ipmi_si: fix a memleak in try_smi_init()",
    "id" : "2401557",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2401557"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-771",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nipmi_si: fix a memleak in try_smi_init()\nKmemleak reported the following leak info in try_smi_init():\nunreferenced object 0xffff00018ecf9400 (size 1024):\ncomm \"modprobe\", pid 2707763, jiffies 4300851415 (age 773.308s)\nbacktrace:\n[<000000004ca5b312>] __kmalloc+0x4b8/0x7b0\n[<00000000953b1072>] try_smi_init+0x148/0x5dc [ipmi_si]\n[<000000006460d325>] 0xffff800081b10148\n[<0000000039206ea5>] do_one_initcall+0x64/0x2a4\n[<00000000601399ce>] do_init_module+0x50/0x300\n[<000000003c12ba3c>] load_module+0x7a8/0x9e0\n[<00000000c246fffe>] __se_sys_init_module+0x104/0x180\n[<00000000eea99093>] __arm64_sys_init_module+0x24/0x30\n[<0000000021b1ef87>] el0_svc_common.constprop.0+0x94/0x250\n[<0000000070f4f8b7>] do_el0_svc+0x48/0xe0\n[<000000005a05337f>] el0_svc+0x24/0x3c\n[<000000005eb248d6>] el0_sync_handler+0x160/0x164\n[<0000000030a59039>] el0_sync+0x160/0x180\nThe problem was that when an error occurred before handlers registration\nand after allocating `new_smi->si_sm`, the variable wouldn't be freed in\nthe error handling afterwards since `shutdown_smi()` hadn't been\nregistered yet. Fix it by adding a `kfree()` in the error handling path\nin `try_smi_init()`.", "A memory leak flaw was found in the Linux kernel's IPMI System Interface driver in the initialization error path. \nA local user can trigger this issue by loading the ipmi_si module when initialization fails after allocating the si_sm structure but before registering the shutdown handler. This causes the allocated memory to never be freed, resulting in a permanent memory leak leading to resource exhaustion and denial of service." ],
  "statement" : "The try_smi_init function performs IPMI interface initialization and allocates the new_smi->si_sm structure early in the process. If an error occurs after this allocation but before the shutdown_smi handler is registered, the error cleanup path returns without freeing si_sm because shutdown_smi is the normal mechanism for releasing this resource. Since initialization failures don't retry, each failed attempt permanently leaks 1024 bytes. While individual leaks are relatively small, repeated module load attempts (such as through automatic hardware detection or manual troubleshooting) can accumulate significant memory loss.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-05-22T00:00:00Z",
    "advisory" : "RHSA-2024:3138",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-553.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53611\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53611\nhttps://lore.kernel.org/linux-cve-announce/2025100433-CVE-2023-53611-a508@gregkh/T" ],
  "name" : "CVE-2023-53611",
  "mitigation" : {
    "value" : "To mitigate this issue, prevent the ipmi_si module from being loaded. See https://access.redhat.com/solutions/41278 for instructions on blacklisting kernel modules.",
    "lang" : "en:us"
  },
  "csaw" : false
}