{ "threat_severity" : "Moderate", "public_date" : "2025-12-24T00:00:00Z", "bugzilla" : { "description" : "kernel: Linux kernel rt2x00 Wi-Fi driver: Denial of Service via memory leak during device removal", "id" : "2425120", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2425120" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-772", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nwifi: rt2x00: Fix memory leak when handling surveys\nWhen removing a rt2x00 device, its associated channel surveys\nare not freed, causing a memory leak observable with kmemleak:\nunreferenced object 0xffff9620f0881a00 (size 512):\ncomm \"systemd-udevd\", pid 2290, jiffies 4294906974 (age 33.768s)\nhex dump (first 32 bytes):\n70 44 12 00 00 00 00 00 92 8a 00 00 00 00 00 00 pD..............\n00 00 00 00 00 00 00 00 ab 87 01 00 00 00 00 00 ................\nbacktrace:\n[] __kmalloc+0x4b/0x130\n[] rt2800_probe_hw+0xc2b/0x1380 [rt2800lib]\n[] rt2800usb_probe_hw+0xe/0x60 [rt2800usb]\n[] rt2x00lib_probe_dev+0x21a/0x7d0 [rt2x00lib]\n[] rt2x00usb_probe+0x1be/0x980 [rt2x00usb]\n[] usb_probe_interface+0xe2/0x310 [usbcore]\n[] really_probe+0x1a5/0x410\n[] __driver_probe_device+0x78/0x180\n[] driver_probe_device+0x1e/0x90\n[] __driver_attach+0xd2/0x1c0\n[] bus_for_each_dev+0x77/0xd0\n[] bus_add_driver+0x112/0x210\n[] driver_register+0x5c/0x120\n[] usb_register_driver+0x88/0x150 [usbcore]\n[] do_one_initcall+0x44/0x220\n[] do_init_module+0x4c/0x220\nFix this by freeing the channel surveys on device removal.\nTested with a RT3070 based USB wireless adapter.", "A flaw was found in the Linux kernel's rt2x00 Wi-Fi driver. A local user could exploit this vulnerability when a rt2x00 device is removed, as its associated channel surveys are not properly freed. This leads to a memory leak, which could result in a Denial of Service (DoS) due to resource exhaustion, making the system unavailable to legitimate users." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2023-11-14T00:00:00Z", "advisory" : "RHSA-2023:7077", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-513.5.1.el8_9" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6583", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-362.8.1.el9_3" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6583", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-362.8.1.el9_3" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-54131\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-54131\nhttps://lore.kernel.org/linux-cve-announce/2025122420-CVE-2023-54131-87b3@gregkh/T" ], "name" : "CVE-2023-54131", "csaw" : false }