CVE-2023-54041
Memory Leak in Linux Kernel io_uring Buffer Removal
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
| linux | kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a memory leak in the Linux kernel's io_uring subsystem. Specifically, when removing provided buffers, the io_buffer structures are not properly disposed of because they are allocated in page-sized groups and cannot be freed individually. Instead, they should be added to a free list like io_buffers_cache. The issue was that the locking mechanism protecting this free list was not extended to cover buffer destruction, leading to the leak.
How can this vulnerability impact me? :
The memory leak caused by this vulnerability can lead to increased memory usage over time, potentially exhausting system memory resources. This can degrade system performance or cause instability, especially in systems heavily using io_uring for I/O operations.