CVE-2023-54115 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() When nonstatic_release_resource_db() frees all resources associated with an PCMCIA socket, it forgets to free socket_data too, causing a memory leak observable with kmemleak: unreferenced object 0xc28d1000 (size 64): comm "systemd-udevd", pid 297, jiffies 4294898478 (age 194.484s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 f0 85 0e c3 00 00 00 00 ................ 00 00 00 00 0c 10 8d c2 00 00 00 00 00 00 00 00 ................ backtrace: [<ffda4245>] __kmem_cache_alloc_node+0x2d7/0x4a0 [<7e51f0c8>] kmalloc_trace+0x31/0xa4 [<d52b4ca0>] nonstatic_init+0x24/0x1a4 [pcmcia_rsrc] [<a2f13e08>] pcmcia_register_socket+0x200/0x35c [pcmcia_core] [<a728be1b>] yenta_probe+0x4d8/0xa70 [yenta_socket] [<c48fac39>] pci_device_probe+0x99/0x194 [<84b7c690>] really_probe+0x181/0x45c [<8060fe6e>] __driver_probe_device+0x75/0x1f4 [<b9b76f43>] driver_probe_device+0x28/0xac [<648b766f>] __driver_attach+0xeb/0x1e4 [<6e9659eb>] bus_for_each_dev+0x61/0xb4 [<25a669f3>] driver_attach+0x1e/0x28 [<d8671d6b>] bus_add_driver+0x102/0x20c [<df0d323c>] driver_register+0x5b/0x120 [<942cd8a4>] __pci_register_driver+0x44/0x4c [<e536027e>] __UNIQUE_ID___addressable_cleanup_module188+0x1c/0xfffff000 [iTCO_vendor_support] Fix this by freeing socket_data too. Tested on a Acer Travelmate 4002WLMi by manually binding/unbinding the yenta_cardbus driver (yenta_socket).

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/04bb8af40a7729c398ed4caea7e66cedd2881719
https://git.kernel.org/stable/c/22100df1d57f04cf2370d5347b9ef547f481deea
https://git.kernel.org/stable/c/2d45e2be0be35a3d66863563ed2591ee18a6897e
https://git.kernel.org/stable/c/97fd1c8e9c5aa833aab7e836760bc13103afa892
https://git.kernel.org/stable/c/bde0b6da7bd893c37afaee3555cc3ac3be582313
https://git.kernel.org/stable/c/c85fd9422fe0f5d667305efb27f56d09eab120b0
https://git.kernel.org/stable/c/e8a80cf06b4bb0396212289d651b384c949f09d0
https://git.kernel.org/stable/c/fd53a1f28faba2c4806c055e706a7721006291c1

History

Wed, 24 Dec 2025 13:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() When nonstatic_release_resource_db() frees all resources associated with an PCMCIA socket, it forgets to free socket_data too, causing a memory leak observable with kmemleak: unreferenced object 0xc28d1000 (size 64): comm "systemd-udevd", pid 297, jiffies 4294898478 (age 194.484s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 f0 85 0e c3 00 00 00 00 ................ 00 00 00 00 0c 10 8d c2 00 00 00 00 00 00 00 00 ................ backtrace: [<ffda4245>] __kmem_cache_alloc_node+0x2d7/0x4a0 [<7e51f0c8>] kmalloc_trace+0x31/0xa4 [<d52b4ca0>] nonstatic_init+0x24/0x1a4 [pcmcia_rsrc] [<a2f13e08>] pcmcia_register_socket+0x200/0x35c [pcmcia_core] [<a728be1b>] yenta_probe+0x4d8/0xa70 [yenta_socket] [<c48fac39>] pci_device_probe+0x99/0x194 [<84b7c690>] really_probe+0x181/0x45c [<8060fe6e>] __driver_probe_device+0x75/0x1f4 [<b9b76f43>] driver_probe_device+0x28/0xac [<648b766f>] __driver_attach+0xeb/0x1e4 [<6e9659eb>] bus_for_each_dev+0x61/0xb4 [<25a669f3>] driver_attach+0x1e/0x28 [<d8671d6b>] bus_add_driver+0x102/0x20c [<df0d323c>] driver_register+0x5b/0x120 [<942cd8a4>] __pci_register_driver+0x44/0x4c [<e536027e>] __UNIQUE_ID___addressable_cleanup_module188+0x1c/0xfffff000 [iTCO_vendor_support] Fix this by freeing socket_data too. Tested on a Acer Travelmate 4002WLMi by manually binding/unbinding the yenta_cardbus driver (yenta_socket).
Title		pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/04bb8af40a7729c398ed4caea7e66cedd2881719 https://git.kernel.org/stable/c/22100df1d57f04cf2370d5347b9ef547f481deea https://git.kernel.org/stable/c/2d45e2be0be35a3d66863563ed2591ee18a6897e https://git.kernel.org/stable/c/97fd1c8e9c5aa833aab7e836760bc13103afa892 https://git.kernel.org/stable/c/bde0b6da7bd893c37afaee3555cc3ac3be582313 https://git.kernel.org/stable/c/c85fd9422fe0f5d667305efb27f56d09eab120b0 https://git.kernel.org/stable/c/e8a80cf06b4bb0396212289d651b384c949f09d0 https://git.kernel.org/stable/c/fd53a1f28faba2c4806c055e706a7721006291c1

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-24T13:06:36.892Z

Updated: 2025-12-24T13:06:36.892Z

Reserved: 2025-12-24T13:02:52.519Z

Link: CVE-2023-54115

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-12-24T13:16:13.427

Modified: 2025-12-24T13:16:13.427

Link: CVE-2023-54115

Redhat

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object