{
  "threat_severity" : "Low",
  "public_date" : "2025-10-22T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: scsi: qla2xxx: Fix memory leak in qla2x00_probe_one()",
    "id" : "2405745",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2405745"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-772",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nscsi: qla2xxx: Fix memory leak in qla2x00_probe_one()\nThere is a memory leak reported by kmemleak:\nunreferenced object 0xffffc900003f0000 (size 12288):\ncomm \"modprobe\", pid 19117, jiffies 4299751452 (age 42490.264s)\nhex dump (first 32 bytes):\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\nbacktrace:\n[<00000000629261a8>] __vmalloc_node_range+0xe56/0x1110\n[<0000000001906886>] __vmalloc_node+0xbd/0x150\n[<000000005bb4dc34>] vmalloc+0x25/0x30\n[<00000000a2dc1194>] qla2x00_create_host+0x7a0/0xe30 [qla2xxx]\n[<0000000062b14b47>] qla2x00_probe_one+0x2eb8/0xd160 [qla2xxx]\n[<00000000641ccc04>] local_pci_probe+0xeb/0x1a0\nThe root cause is traced to an error-handling path in qla2x00_probe_one()\nwhen the adapter \"base_vha\" fails to initialize. The fab_scan_rp \"scan.l\" is\nused to record the port information and it is allocated in\nqla2x00_create_host(). However, it is not released in the error handling\npath \"probe_failed\".\nFix this by freeing the memory of \"scan.l\" when an error occurs in the\nadapter initialization process." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-05-22T00:00:00Z",
    "advisory" : "RHSA-2024:3138",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-553.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53696\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53696\nhttps://lore.kernel.org/linux-cve-announce/2025102210-CVE-2023-53696-dadf@gregkh/T" ],
  "name" : "CVE-2023-53696",
  "csaw" : false
}