CVE-2023-53696
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-22

Last updated on: 2025-10-22

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() There is a memory leak reported by kmemleak: unreferenced object 0xffffc900003f0000 (size 12288): comm "modprobe", pid 19117, jiffies 4299751452 (age 42490.264s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<00000000629261a8>] __vmalloc_node_range+0xe56/0x1110 [<0000000001906886>] __vmalloc_node+0xbd/0x150 [<000000005bb4dc34>] vmalloc+0x25/0x30 [<00000000a2dc1194>] qla2x00_create_host+0x7a0/0xe30 [qla2xxx] [<0000000062b14b47>] qla2x00_probe_one+0x2eb8/0xd160 [qla2xxx] [<00000000641ccc04>] local_pci_probe+0xeb/0x1a0 The root cause is traced to an error-handling path in qla2x00_probe_one() when the adapter "base_vha" initialize failed. The fab_scan_rp "scan.l" is used to record the port information and it is allocated in qla2x00_create_host(). However, it is not released in the error handling path "probe_failed". Fix this by freeing the memory of "scan.l" when an error occurs in the adapter initialization process.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-22
Last Modified
2025-10-22
Generated
2026-05-07
AI Q&A
2025-10-22
EPSS Evaluated
2026-05-05
NVD
CVE-2023-53696
EUVD
EUVD-2023-60032
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a memory leak in the Linux kernel's qla2xxx SCSI driver. Specifically, during the initialization of the adapter in the function qla2x00_probe_one(), if the adapter's base_vha initialization fails, a memory allocation called 'scan.l' is not properly freed in the error handling path. This causes allocated memory to remain unreferenced and not released, leading to a memory leak.


How can this vulnerability impact me? :

The memory leak can cause the system to consume more memory over time without releasing it, potentially leading to degraded system performance or instability, especially on systems using the affected qla2xxx SCSI driver. This could result in resource exhaustion if the leak occurs repeatedly during adapter initialization failures.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by using the Linux kernel's kmemleak tool, which reports memory leaks. You can enable kmemleak and check for unreferenced objects related to the qla2xxx driver. For example, run the following commands: 1. Enable kmemleak (if not already enabled): echo scan > /sys/kernel/debug/kmemleak 2. Check for memory leaks: cat /sys/kernel/debug/kmemleak Look for entries mentioning 'qla2xxx' or related to 'qla2x00_probe_one' or 'qla2x00_create_host'.


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to update the Linux kernel to a version where this memory leak in the qla2xxx driver has been fixed. The fix involves freeing the allocated memory in the error handling path of the adapter initialization process. Until the update is applied, monitoring for memory leaks using kmemleak and avoiding conditions that trigger the adapter initialization failure may help reduce impact.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart