Vulnerability Database

309,540

Total vulnerabilities in the database

CVE-2023-53078

In the Linux kernel, the following vulnerability has been resolved:

scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()

If alua_rtpg_queue() failed from alua_activate(), then 'qdata' is not freed, which will cause following memleak:

unreferenced object 0xffff88810b2c6980 (size 32): comm "kworker/u16:2", pid 635322, jiffies 4355801099 (age 1216426.076s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 40 39 24 c1 ff ff ff ff 00 f8 ea 0a 81 88 ff ff @9$............. backtrace: [<0000000098f3a26d>] alua_activate+0xb0/0x320 [<000000003b529641>] scsi_dh_activate+0xb2/0x140 [<000000007b296db3>] activate_path_work+0xc6/0xe0 [dm_multipath] [<000000007adc9ace>] process_one_work+0x3c5/0x730 [<00000000c457a985>] worker_thread+0x93/0x650 [<00000000cb80e628>] kthread+0x1ba/0x210 [<00000000a1e61077>] ret_from_fork+0x22/0x30

Fix the problem by freeing 'qdata' in error path.

  • Published: May 2, 2025
  • Updated: Nov 13, 2025
  • CVE: CVE-2023-53078
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.5
  • AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWEs:

Software From Fixed in
linux / linux_kernel 4.9.21 4.10
linux / linux_kernel 4.10.9 4.11
linux / linux_kernel 4.11.1 4.14.312
linux / linux_kernel 4.15 4.19.280
linux / linux_kernel 4.20 5.4.240
linux / linux_kernel 5.5 5.10.177
linux / linux_kernel 5.11 5.15.105
linux / linux_kernel 5.16 6.1.22
linux / linux_kernel 6.2 6.2.9
linux / linux_kernel 4.11 4.11.x
linux / linux_kernel 4.11-rc5 4.11-rc5.x
linux / linux_kernel 4.11-rc6 4.11-rc6.x
linux / linux_kernel 4.11-rc7 4.11-rc7.x
linux / linux_kernel 4.11-rc8 4.11-rc8.x
linux / linux_kernel 6.3-rc1 6.3-rc1.x
linux / linux_kernel 6.3-rc2 6.3-rc2.x
linux / linux_kernel 6.3-rc3 6.3-rc3.x