CVE-2023-54131
Unknown Unknown - Not Provided
Memory Leak in Linux Kernel rt2x00 WiFi Driver on Device Removal

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: wifi: rt2x00: Fix memory leak when handling surveys When removing a rt2x00 device, its associated channel surveys are not freed, causing a memory leak observable with kmemleak: unreferenced object 0xffff9620f0881a00 (size 512): comm "systemd-udevd", pid 2290, jiffies 4294906974 (age 33.768s) hex dump (first 32 bytes): 70 44 12 00 00 00 00 00 92 8a 00 00 00 00 00 00 pD.............. 00 00 00 00 00 00 00 00 ab 87 01 00 00 00 00 00 ................ backtrace: [<ffffffffb0ed858b>] __kmalloc+0x4b/0x130 [<ffffffffc1b0f29b>] rt2800_probe_hw+0xc2b/0x1380 [rt2800lib] [<ffffffffc1a9496e>] rt2800usb_probe_hw+0xe/0x60 [rt2800usb] [<ffffffffc1ae491a>] rt2x00lib_probe_dev+0x21a/0x7d0 [rt2x00lib] [<ffffffffc1b3b83e>] rt2x00usb_probe+0x1be/0x980 [rt2x00usb] [<ffffffffc05981e2>] usb_probe_interface+0xe2/0x310 [usbcore] [<ffffffffb13be2d5>] really_probe+0x1a5/0x410 [<ffffffffb13be5c8>] __driver_probe_device+0x78/0x180 [<ffffffffb13be6fe>] driver_probe_device+0x1e/0x90 [<ffffffffb13be972>] __driver_attach+0xd2/0x1c0 [<ffffffffb13bbc57>] bus_for_each_dev+0x77/0xd0 [<ffffffffb13bd2a2>] bus_add_driver+0x112/0x210 [<ffffffffb13bfc6c>] driver_register+0x5c/0x120 [<ffffffffc0596ae8>] usb_register_driver+0x88/0x150 [usbcore] [<ffffffffb0c011c4>] do_one_initcall+0x44/0x220 [<ffffffffb0d6134c>] do_init_module+0x4c/0x220 Fix this by freeing the channel surveys on device removal. Tested with a RT3070 based USB wireless adapter.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-05-07
AI Q&A
2025-12-24
EPSS Evaluated
2026-05-05
NVD
CVE-2023-54131
EUVD
EUVD-2023-60314
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
rt2800 rt2800usb *
rt2800 rt2x00usb *
rt2800 rt2x00lib *
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a memory leak in the Linux kernel's rt2x00 wireless driver. When a rt2x00 device is removed, its associated channel surveys are not properly freed, causing memory to be leaked. This issue was observable using kmemleak and has been fixed by ensuring the channel surveys are freed upon device removal.


How can this vulnerability impact me? :

The memory leak caused by this vulnerability can lead to increased memory usage over time, potentially degrading system performance or causing instability, especially on systems frequently adding and removing rt2x00 wireless devices.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by observing memory leaks related to rt2x00 devices using the Linux kernel's kmemleak tool. You can enable kmemleak and check for unreferenced objects associated with rt2x00 devices. For example, run the following commands: 1. Enable kmemleak (if not already enabled): echo scan > /sys/kernel/debug/kmemleak 2. Check kmemleak reports: cat /sys/kernel/debug/kmemleak Look for unreferenced objects related to rt2x00 devices or systemd-udevd processes as indicated in the vulnerability description.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, update the Linux kernel to a version where the fix has been applied, which frees the channel surveys on device removal to prevent the memory leak. If updating immediately is not possible, consider unloading and reloading the affected rt2x00 modules (rt2800lib, rt2800usb, rt2x00usb) carefully, and monitor memory usage with kmemleak to detect leaks until a proper patch is applied.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart