CVE-2023-54036
Unknown Unknown - Not Provided
Memory Leak in Linux Kernel rtl8xxxu WiFi Drivers (RTL8723BU, RTL8192EU

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU The wifi + bluetooth combo chip RTL8723BU can leak memory (especially?) when it's connected to a bluetooth audio device. The busy bluetooth traffic generates lots of C2H (card to host) messages, which are not freed correctly. To fix this, move the dev_kfree_skb() call in rtl8xxxu_c2hcmd_callback() inside the loop where skb_dequeue() is called. The RTL8192EU leaks memory because the C2H messages are added to the queue and left there forever. (This was fine in the past because it probably wasn't sending any C2H messages until commit e542e66b7c2e ("wifi: rtl8xxxu: gen2: Turn on the rate control"). Since that commit it sends a C2H message when the TX rate changes.) To fix this, delete the check for rf_paths > 1 and the goto. Let the function process the C2H messages from RTL8192EU like the ones from the other chips. Theoretically the RTL8188FU could also leak like RTL8723BU, but it most likely doesn't send C2H messages frequently enough. This change was tested with RTL8723BU by Erhard F. I tested it with RTL8188FU and RTL8192EU.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-05-07
AI Q&A
2025-12-24
EPSS Evaluated
2026-05-05
NVD
CVE-2023-54036
EUVD
EUVD-2025-205126
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
rtl rtl8188fu *
rtl rtl8192eu *
rtl rtl8723bu *
linux linux_kernel *
linux kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves memory leaks in the Linux kernel's rtl8xxxu wifi driver for certain combo chips (RTL8723BU and RTL8192EU). The RTL8723BU chip leaks memory when connected to a Bluetooth audio device due to busy Bluetooth traffic generating many card-to-host (C2H) messages that are not properly freed. The RTL8192EU chip leaks memory because C2H messages are added to a queue and never removed, especially after a recent change causing it to send C2H messages when the TX rate changes. The fix involves properly freeing these messages to prevent memory leaks.


How can this vulnerability impact me? :

The memory leaks caused by this vulnerability can lead to increased memory usage and potential resource exhaustion on systems using the affected wifi chips. This could degrade system performance or cause instability, especially when Bluetooth audio devices are connected and generating heavy traffic.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for the rtl8xxxu driver memory leaks affecting RTL8723BU and RTL8192EU chips. This fix involves proper freeing of C2H messages in the driver code. Applying the kernel update will prevent memory leaks caused by busy Bluetooth traffic and TX rate changes.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart