CVE-2023-53696
- Source
- https://cve.org/CVERecord?id=CVE-2023-53696
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53696.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-53696
- Downstream
- Related
- Published
- 2025-10-22T13:23:37.110Z
- Modified
- 2026-04-02T09:44:53.119390Z
- Summary
- scsi: qla2xxx: Fix memory leak in qla2x00_probe_one()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Fix memory leak in qla2x00probeone()
There is a memory leak reported by kmemleak:
unreferenced object 0xffffc900003f0000 (size 12288): comm "modprobe", pid 19117, jiffies 4299751452 (age 42490.264s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<00000000629261a8>] __vmallocnoderange+0xe56/0x1110 [<0000000001906886>] _vmallocnode+0xbd/0x150 [<000000005bb4dc34>] vmalloc+0x25/0x30 [<00000000a2dc1194>] qla2x00createhost+0x7a0/0xe30 [qla2xxx] [<0000000062b14b47>] qla2x00probeone+0x2eb8/0xd160 [qla2xxx] [<00000000641ccc04>] localpciprobe+0xeb/0x1a0
The root cause is traced to an error-handling path in qla2x00probeone() when the adapter "basevha" initialize failed. The fabscanrp "scan.l" is used to record the port information and it is allocated in qla2x00createhost(). However, it is not released in the error handling path "probefailed".
Fix this by freeing the memory of "scan.l" when an error occurs in the adapter initialization process.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53696.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/44374911ac63f769c442f56fdfadea673c5f4425
- https://git.kernel.org/stable/c/582e35e97318ccd9c81774bac08938291679525f
- https://git.kernel.org/stable/c/85ade4010e13ef152ea925c74d94253db92e5428
- https://git.kernel.org/stable/c/ae73c4dd48f2c79d515d509a0cbe9efb0a197f44
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53696.json
- https://nvd.nist.gov/vuln/detail/CVE-2023-53696
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceda4239945b8ad112fb914d0605c8f6c5fd3330f61Fixedae73c4dd48f2c79d515d509a0cbe9efb0a197f44Fixed44374911ac63f769c442f56fdfadea673c5f4425Fixed582e35e97318ccd9c81774bac08938291679525fFixed85ade4010e13ef152ea925c74d94253db92e5428