CVE-2023-54091
Unknown Unknown - Not Provided
Memory Leak in Linux Kernel DRM Client Affects Multiple Drivers

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: drm/client: Fix memory leak in drm_client_target_cloned dmt_mode is allocated and never freed in this function. It was found with the ast driver, but most drivers using generic fbdev setup are probably affected. This fixes the following kmemleak report: backtrace: [<00000000b391296d>] drm_mode_duplicate+0x45/0x220 [drm] [<00000000e45bb5b3>] drm_client_target_cloned.constprop.0+0x27b/0x480 [drm] [<00000000ed2d3a37>] drm_client_modeset_probe+0x6bd/0xf50 [drm] [<0000000010e5cc9d>] __drm_fb_helper_initial_config_and_unlock+0xb4/0x2c0 [drm_kms_helper] [<00000000909f82ca>] drm_fbdev_client_hotplug+0x2bc/0x4d0 [drm_kms_helper] [<00000000063a69aa>] drm_client_register+0x169/0x240 [drm] [<00000000a8c61525>] ast_pci_probe+0x142/0x190 [ast] [<00000000987f19bb>] local_pci_probe+0xdc/0x180 [<000000004fca231b>] work_for_cpu_fn+0x4e/0xa0 [<0000000000b85301>] process_one_work+0x8b7/0x1540 [<000000003375b17c>] worker_thread+0x70a/0xed0 [<00000000b0d43cd9>] kthread+0x29f/0x340 [<000000008d770833>] ret_from_fork+0x1f/0x30 unreferenced object 0xff11000333089a00 (size 128):
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-06-16
AI Q&A
2025-12-24
EPSS Evaluated
2026-06-15
NVD
CVE-2023-54091
EUVD
EUVD-2023-60354
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a memory leak in the Linux kernel's DRM (Direct Rendering Manager) client code, specifically in the function drm_client_target_cloned. The issue occurs because the dmt_mode object is allocated but never freed, leading to a leak of kernel memory. It was initially found with the ast driver, but it likely affects most drivers using the generic fbdev setup.

Impact Analysis

The memory leak can cause increased memory usage in the kernel over time, potentially leading to degraded system performance or instability. If the leak is severe or exploited in a specific context, it could contribute to denial of service by exhausting kernel memory resources.

Detection Guidance

This vulnerability is a memory leak in the Linux kernel's drm client code, specifically in drm_client_target_cloned. It was identified through a kmemleak report. To detect this vulnerability on your system, you can use the Linux kernel's kmemleak tool to scan for memory leaks. Enable kmemleak by booting the kernel with the parameter 'kmemleak=on' and then check for reports using the command: 'cat /sys/kernel/debug/kmemleak'. This will show unreferenced objects that may indicate leaks such as the one described.

Mitigation Strategies

Immediate mitigation involves updating the Linux kernel to a version where this memory leak in drm_client_target_cloned has been fixed. Since the issue is a memory leak in the drm client code affecting drivers using generic fbdev setup, applying the patch or upgrading to the fixed kernel version will resolve the problem. In the meantime, monitoring system memory usage and restarting affected services or the system may help reduce impact.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-54091. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart