{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-53078", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-05-02T15:51:43.549Z", "datePublished": "2025-05-02T15:55:28.246Z", "dateUpdated": "2025-05-04T12:50:18.916Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:50:18.916Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()\n\nIf alua_rtpg_queue() failed from alua_activate(), then 'qdata' is not\nfreed, which will cause following memleak:\n\nunreferenced object 0xffff88810b2c6980 (size 32):\n comm \"kworker/u16:2\", pid 635322, jiffies 4355801099 (age 1216426.076s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 40 39 24 c1 ff ff ff ff 00 f8 ea 0a 81 88 ff ff @9$.............\n backtrace:\n [<0000000098f3a26d>] alua_activate+0xb0/0x320\n [<000000003b529641>] scsi_dh_activate+0xb2/0x140\n [<000000007b296db3>] activate_path_work+0xc6/0xe0 [dm_multipath]\n [<000000007adc9ace>] process_one_work+0x3c5/0x730\n [<00000000c457a985>] worker_thread+0x93/0x650\n [<00000000cb80e628>] kthread+0x1ba/0x210\n [<00000000a1e61077>] ret_from_fork+0x22/0x30\n\nFix the problem by freeing 'qdata' in error path."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/scsi/device_handler/scsi_dh_alua.c"], "versions": [{"version": "625fe857e4fac6518716f3c0ff5e5deb8ec6d238", "lessThan": "123483df146492ca22b503ae6dacc2ce7c3a3974", "status": "affected", "versionType": "git"}, {"version": "625fe857e4fac6518716f3c0ff5e5deb8ec6d238", "lessThan": "c110051d335ef7f62ad33474b0c23997fee5bfb5", "status": "affected", "versionType": "git"}, {"version": "625fe857e4fac6518716f3c0ff5e5deb8ec6d238", "lessThan": "5c4d71424df34fc23dc5336d09394ce68c849542", "status": "affected", "versionType": "git"}, {"version": "625fe857e4fac6518716f3c0ff5e5deb8ec6d238", "lessThan": "c09cdf6eb815ee35e55d6c50ac7f63db58bd20b8", "status": "affected", "versionType": "git"}, {"version": "625fe857e4fac6518716f3c0ff5e5deb8ec6d238", "lessThan": "9311e7a554dffd3823499e309a8b86a5cd1540e5", "status": "affected", "versionType": "git"}, {"version": "625fe857e4fac6518716f3c0ff5e5deb8ec6d238", "lessThan": "1c55982beb80c7d3c30278fc6cfda8496a31dbe6", "status": "affected", "versionType": "git"}, {"version": "625fe857e4fac6518716f3c0ff5e5deb8ec6d238", "lessThan": "0d89254a4320eb7de0970c478172f764125c6355", "status": "affected", "versionType": "git"}, {"version": "625fe857e4fac6518716f3c0ff5e5deb8ec6d238", "lessThan": "a13faca032acbf2699293587085293bdfaafc8ae", "status": "affected", "versionType": "git"}, {"version": "68b275b7cbf065a8ea9b964cbb7d78d2b63c635f", "status": "affected", "versionType": "git"}, {"version": "2b1725d1df362499f6bbd5a7e245a4090b29c2bb", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/scsi/device_handler/scsi_dh_alua.c"], "versions": [{"version": "4.11", "status": "affected"}, {"version": "0", "lessThan": "4.11", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.312", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.280", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.240", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.177", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.105", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.22", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2.9", "lessThanOrEqual": "6.2.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "4.14.312"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "4.19.280"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "5.4.240"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "5.10.177"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "5.15.105"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "6.1.22"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "6.2.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "6.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9.21"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10.9"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/123483df146492ca22b503ae6dacc2ce7c3a3974"}, {"url": "https://git.kernel.org/stable/c/c110051d335ef7f62ad33474b0c23997fee5bfb5"}, {"url": "https://git.kernel.org/stable/c/5c4d71424df34fc23dc5336d09394ce68c849542"}, {"url": "https://git.kernel.org/stable/c/c09cdf6eb815ee35e55d6c50ac7f63db58bd20b8"}, {"url": "https://git.kernel.org/stable/c/9311e7a554dffd3823499e309a8b86a5cd1540e5"}, {"url": "https://git.kernel.org/stable/c/1c55982beb80c7d3c30278fc6cfda8496a31dbe6"}, {"url": "https://git.kernel.org/stable/c/0d89254a4320eb7de0970c478172f764125c6355"}, {"url": "https://git.kernel.org/stable/c/a13faca032acbf2699293587085293bdfaafc8ae"}], "title": "scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "229871C9-E27A-4502-AFDC-7C777C21AC22", "versionEndExcluding": "4.10", "versionStartIncluding": "4.9.21", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A1D44092-A2CB-49EB-9E33-257AC7F9F3C4", "versionEndExcluding": "4.11", "versionStartIncluding": "4.10.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBDB8DD9-108F-413D-A24A-A13F7A6855CF", "versionEndExcluding": "4.14.312", "versionStartIncluding": "4.11.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B8449DA5-0637-406C-99C3-84AF4CB5F3EB", "versionEndExcluding": "4.19.280", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C5F51A3-AEBF-4E51-AA58-D8C8B4554A86", "versionEndExcluding": "5.4.240", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9FED8369-E7A1-48C6-9700-6ADEDEC371F7", "versionEndExcluding": "5.10.177", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0888AE70-CB0A-45C0-B9BD-A5371244C8DB", "versionEndExcluding": "5.15.105", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "642B6F99-95C6-47F5-A9B1-5C45FE08CAD0", "versionEndExcluding": "6.1.22", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "914F22DD-1E6F-4B0A-A14D-3A9F068F6761", "versionEndExcluding": "6.2.9", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.11:-:*:*:*:*:*:*", "matchCriteriaId": "623D643F-123E-4D3E-8CBF-16BF845D734B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.11:rc5:*:*:*:*:*:*", "matchCriteriaId": "ACE2C8C3-F2AA-4A39-9D81-B0F8BB82B834", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.11:rc6:*:*:*:*:*:*", "matchCriteriaId": "D67BFFD0-1A52-4F5D-98DB-D94B58FD8D30", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.11:rc7:*:*:*:*:*:*", "matchCriteriaId": "7D996F38-22AC-4059-84FC-F7D69CE0CB9B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.11:rc8:*:*:*:*:*:*", "matchCriteriaId": "97EFF4F7-E5F9-4FAA-AD58-94A24501AD59", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "B8E3B0E8-FA27-4305-87BB-AF6C25B160CB", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "A47F0FC3-CE52-4BA1-BA51-22F783938431", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "3583026A-27EC-4A4C-850A-83F2AF970673", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()\n\nIf alua_rtpg_queue() failed from alua_activate(), then 'qdata' is not\nfreed, which will cause following memleak:\n\nunreferenced object 0xffff88810b2c6980 (size 32):\n comm \"kworker/u16:2\", pid 635322, jiffies 4355801099 (age 1216426.076s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 40 39 24 c1 ff ff ff ff 00 f8 ea 0a 81 88 ff ff @9$.............\n backtrace:\n [<0000000098f3a26d>] alua_activate+0xb0/0x320\n [<000000003b529641>] scsi_dh_activate+0xb2/0x140\n [<000000007b296db3>] activate_path_work+0xc6/0xe0 [dm_multipath]\n [<000000007adc9ace>] process_one_work+0x3c5/0x730\n [<00000000c457a985>] worker_thread+0x93/0x650\n [<00000000cb80e628>] kthread+0x1ba/0x210\n [<00000000a1e61077>] ret_from_fork+0x22/0x30\n\nFix the problem by freeing 'qdata' in error path."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: scsi_dh_alua: Se corrige la fuga de memoria para 'qdata' en alua_activate(). Si alua_rtpg_queue() falla desde alua_activate(), entonces 'qdata' no se libera, lo que causar\u00e1 la siguiente fuga de memoria: objeto sin referencia 0xffff88810b2c6980 (tama\u00f1o 32): comm \"kworker/u16:2\", pid 635322, jiffies 4355801099 (edad 1216426.076s) volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 40 39 24 c1 ff ff ff ff 00 f8 ea 0a 81 88 ff ff @9$............. backtrace: [&lt;0000000098f3a26d&gt;] alua_activate+0xb0/0x320 [&lt;000000003b529641&gt;] scsi_dh_activate+0xb2/0x140 [&lt;000000007b296db3&gt;] activate_path_work+0xc6/0xe0 [dm_multipath] [&lt;000000007adc9ace&gt;] process_one_work+0x3c5/0x730 [&lt;00000000c457a985&gt;] worker_thread+0x93/0x650 [&lt;00000000cb80e628&gt;] kthread+0x1ba/0x210 [&lt;00000000a1e61077&gt;] ret_from_fork+0x22/0x30 Solucione el problema liberando 'qdata' en la ruta de error."}], "id": "CVE-2023-53078", "lastModified": "2025-11-12T20:49:25.560", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-05-02T16:15:26.820", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0d89254a4320eb7de0970c478172f764125c6355"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/123483df146492ca22b503ae6dacc2ce7c3a3974"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1c55982beb80c7d3c30278fc6cfda8496a31dbe6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5c4d71424df34fc23dc5336d09394ce68c849542"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9311e7a554dffd3823499e309a8b86a5cd1540e5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a13faca032acbf2699293587085293bdfaafc8ae"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c09cdf6eb815ee35e55d6c50ac7f63db58bd20b8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c110051d335ef7f62ad33474b0c23997fee5bfb5"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:7077", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-513.5.1.el8_9", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-11-14T00:00:00Z"}, {"advisory": "RHSA-2023:6583", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-362.8.1.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-07T00:00:00Z"}, {"advisory": "RHSA-2023:6583", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-362.8.1.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-07T00:00:00Z"}], "bugzilla": {"description": "kernel: scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()", "id": "2363707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363707"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nscsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()\nIf alua_rtpg_queue() failed from alua_activate(), then 'qdata' is not\nfreed, which will cause following memleak:\nunreferenced object 0xffff88810b2c6980 (size 32):\ncomm \"kworker/u16:2\", pid 635322, jiffies 4355801099 (age 1216426.076s)\nhex dump (first 32 bytes):\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n40 39 24 c1 ff ff ff ff 00 f8 ea 0a 81 88 ff ff @9$.............\nbacktrace:\n[<0000000098f3a26d>] alua_activate+0xb0/0x320\n[<000000003b529641>] scsi_dh_activate+0xb2/0x140\n[<000000007b296db3>] activate_path_work+0xc6/0xe0 [dm_multipath]\n[<000000007adc9ace>] process_one_work+0x3c5/0x730\n[<00000000c457a985>] worker_thread+0x93/0x650\n[<00000000cb80e628>] kthread+0x1ba/0x210\n[<00000000a1e61077>] ret_from_fork+0x22/0x30\nFix the problem by freeing 'qdata' in error path."], "name": "CVE-2023-53078", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-05-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-53078\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53078\nhttps://lore.kernel.org/linux-cve-announce/2025050216-CVE-2023-53078-45e1@gregkh/T"], "threat_severity": "Moderate"}

{}