CVE-2023-54020
Unknown Unknown - Not Provided
Memory Leak in Linux dmaengine sf-pdma Driver Causes Resource Exhaustion

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: dmaengine: sf-pdma: pdma_desc memory leak fix Commit b2cc5c465c2c ("dmaengine: sf-pdma: Add multithread support for a DMA channel") changed sf_pdma_prep_dma_memcpy() to unconditionally allocate a new sf_pdma_desc each time it is called. The driver previously recycled descs, by checking the in_use flag, only allocating additional descs if the existing one was in use. This logic was removed in commit b2cc5c465c2c ("dmaengine: sf-pdma: Add multithread support for a DMA channel"), but sf_pdma_free_desc() was not changed to handle the new behaviour. As a result, each time sf_pdma_prep_dma_memcpy() is called, the previous descriptor is leaked, over time leading to memory starvation: unreferenced object 0xffffffe008447300 (size 192): comm "irq/39-mchp_dsc", pid 343, jiffies 4294906910 (age 981.200s) hex dump (first 32 bytes): 00 00 00 ff 00 00 00 00 b8 c1 00 00 00 00 00 00 ................ 00 00 70 08 10 00 00 00 00 00 00 c0 00 00 00 00 ..p............. backtrace: [<00000000064a04f4>] kmemleak_alloc+0x1e/0x28 [<00000000018927a7>] kmem_cache_alloc+0x11e/0x178 [<000000002aea8d16>] sf_pdma_prep_dma_memcpy+0x40/0x112 Add the missing kfree() to sf_pdma_free_desc(), and remove the redundant in_use flag.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-05-07
AI Q&A
2025-12-25
EPSS Evaluated
2026-05-05
NVD
CVE-2023-54020
EUVD
EUVD-2025-205136
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel *
linux kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for memory leaks related to the sf-pdma driver in the Linux kernel. One way to detect it is by using the kernel memory leak detector (kmemleak) to identify unreferenced objects allocated by sf_pdma_prep_dma_memcpy(). You can enable kmemleak and check its output with commands such as: 1. Enable kmemleak (if not already enabled): echo scan > /sys/kernel/debug/kmemleak 2. Check for memory leaks: cat /sys/kernel/debug/kmemleak Look for entries related to sf_pdma_prep_dma_memcpy or irq/39-mchp_dsc processes indicating leaked descriptors. Additionally, monitoring system logs for messages related to memory allocation failures or unusual behavior in the DMA engine driver may help detect the issue.


Can you explain this vulnerability to me?

This vulnerability is a memory leak in the Linux kernel's dmaengine driver for sf-pdma. A recent change made the function sf_pdma_prep_dma_memcpy() allocate a new descriptor every time it is called without freeing the previous one. Because the corresponding free function sf_pdma_free_desc() was not updated to handle this new behavior, descriptors are leaked each time the function is called, eventually leading to memory starvation.


How can this vulnerability impact me? :

The memory leak caused by this vulnerability can lead to memory starvation in the system over time. This means that the system may run out of available memory, potentially causing degraded performance, instability, or crashes in the affected Linux kernel environment.


What immediate steps should I take to mitigate this vulnerability?

Apply the patch that adds the missing kfree() call to sf_pdma_free_desc() and removes the redundant in_use flag in the Linux kernel's dmaengine sf-pdma driver. This fixes the memory leak caused by descriptors not being freed, preventing memory starvation.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart