{
  "threat_severity" : "Low",
  "public_date" : "2025-12-24T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: Linux kernel: Denial of Service due to memory leak in target_cmd_counter",
    "id" : "2425166",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2425166"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-772",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nscsi: target: core: Fix target_cmd_counter leak\nThe target_cmd_counter struct allocated via target_alloc_cmd_counter() is\nnever freed, resulting in leaks across various transport types, e.g.:\nunreferenced object 0xffff88801f920120 (size 96):\ncomm \"sh\", pid 102, jiffies 4294892535 (age 713.412s)\nhex dump (first 32 bytes):\n07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n00 00 00 00 00 00 00 00 38 01 92 1f 80 88 ff ff  ........8.......\nbacktrace:\n[<00000000e58a6252>] kmalloc_trace+0x11/0x20\n[<0000000043af4b2f>] target_alloc_cmd_counter+0x17/0x90 [target_core_mod]\n[<000000007da2dfa7>] target_setup_session+0x2d/0x140 [target_core_mod]\n[<0000000068feef86>] tcm_loop_tpg_nexus_store+0x19b/0x350 [tcm_loop]\n[<000000006a80e021>] configfs_write_iter+0xb1/0x120\n[<00000000e9f4d860>] vfs_write+0x2e4/0x3c0\n[<000000008143433b>] ksys_write+0x80/0xb0\n[<00000000a7df29b2>] do_syscall_64+0x42/0x90\n[<0000000053f45fb8>] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\nFree the structure alongside the corresponding iscsit_conn / se_sess\nparent.", "A flaw was found in the SCSI subsystem of the Linux kernel. A local attacker with low privileges could exploit a memory leak within the `target_cmd_counter` structure. This issue, a type of resource management error, can lead to a Denial of Service (DoS) by gradually consuming system memory." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-54154\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-54154\nhttps://lore.kernel.org/linux-cve-announce/2025122427-CVE-2023-54154-bc1e@gregkh/T" ],
  "name" : "CVE-2023-54154",
  "csaw" : false
}