{
  "threat_severity" : "Low",
  "public_date" : "2025-12-09T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: nvme-core: fix memory leak in dhchap_secret_store",
    "id" : "2420338",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2420338"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-771",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nnvme-core: fix memory leak in dhchap_secret_store\nFree dhchap_secret in nvme_ctrl_dhchap_secret_store() before we return\nfix following kmemleack:-\nunreferenced object 0xffff8886376ea800 (size 64):\ncomm \"check\", pid 22048, jiffies 4344316705 (age 92.199s)\nhex dump (first 32 bytes):\n44 48 48 43 2d 31 3a 30 30 3a 6e 78 72 35 4b 67  DHHC-1:00:nxr5Kg\n75 58 34 75 6f 41 78 73 4a 61 34 63 2f 68 75 4c  uX4uoAxsJa4c/huL\nbacktrace:\n[<0000000030ce5d4b>] __kmalloc+0x4b/0x130\n[<000000009be1cdc1>] nvme_ctrl_dhchap_secret_store+0x8f/0x160 [nvme_core]\n[<00000000ac06c96a>] kernfs_fop_write_iter+0x12b/0x1c0\n[<00000000437e7ced>] vfs_write+0x2ba/0x3c0\n[<00000000f9491baf>] ksys_write+0x5f/0xe0\n[<000000001c46513d>] do_syscall_64+0x3b/0x90\n[<00000000ecf348fe>] entry_SYSCALL_64_after_hwframe+0x72/0xdc\nunreferenced object 0xffff8886376eaf00 (size 64):\ncomm \"check\", pid 22048, jiffies 4344316736 (age 92.168s)\nhex dump (first 32 bytes):\n44 48 48 43 2d 31 3a 30 30 3a 6e 78 72 35 4b 67  DHHC-1:00:nxr5Kg\n75 58 34 75 6f 41 78 73 4a 61 34 63 2f 68 75 4c  uX4uoAxsJa4c/huL\nbacktrace:\n[<0000000030ce5d4b>] __kmalloc+0x4b/0x130\n[<000000009be1cdc1>] nvme_ctrl_dhchap_secret_store+0x8f/0x160 [nvme_core]\n[<00000000ac06c96a>] kernfs_fop_write_iter+0x12b/0x1c0\n[<00000000437e7ced>] vfs_write+0x2ba/0x3c0\n[<00000000f9491baf>] ksys_write+0x5f/0xe0\n[<000000001c46513d>] do_syscall_64+0x3b/0x90\n[<00000000ecf348fe>] entry_SYSCALL_64_after_hwframe+0x72/0xdc", "A memory leak vulnerability was found in the NVMe core driver in the Linux kernel. In nvme_ctrl_dhchap_secret_store(), the dhchap_secret buffer is not freed before returning in certain code paths, causing memory to be leaked each time the secret is stored. This can lead to memory exhaustion over time with repeated secret store operations." ],
  "statement" : "This is a memory leak in the NVMe DH-HMAC-CHAP authentication subsystem. The impact is limited to systems using NVMe-oF (NVMe over Fabrics) with DH-HMAC-CHAP authentication enabled.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53852\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53852\nhttps://lore.kernel.org/linux-cve-announce/2025120901-CVE-2023-53852-69a1@gregkh/T" ],
  "name" : "CVE-2023-53852",
  "csaw" : false
}