CVE-2023-54227
Unknown Unknown - Not Provided
Memory Leak in Linux Kernel blk-mq Due to Improper Tag Freeing

Publication date: 2025-12-30

Last updated on: 2025-12-30

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix tags leak when shrink nr_hw_queues Although we don't need to realloc set->tags[] when shrink nr_hw_queues, we need to free them. Or these tags will be leaked. How to reproduce: 1. mount -t configfs configfs /mnt 2. modprobe null_blk nr_devices=0 submit_queues=8 3. mkdir /mnt/nullb/nullb0 4. echo 1 > /mnt/nullb/nullb0/power 5. echo 4 > /mnt/nullb/nullb0/submit_queues 6. rmdir /mnt/nullb/nullb0 In step 4, will alloc 9 tags (8 submit queues and 1 poll queue), then in step 5, new_nr_hw_queues = 5 (4 submit queues and 1 poll queue). At last in step 6, only these 5 tags are freed, the other 4 tags leaked.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-30
Last Modified
2025-12-30
Generated
2026-06-16
AI Q&A
2025-12-30
EPSS Evaluated
2026-06-15
NVD
CVE-2023-54227
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a memory leak in the Linux kernel's blk-mq subsystem related to tag management when shrinking the number of hardware queues (nr_hw_queues). Specifically, when the number of hardware queues is reduced, some allocated tags are not properly freed, causing a leak of these tags in memory.

Impact Analysis

The impact of this vulnerability is a memory leak in the kernel, which can lead to increased memory usage over time. This could degrade system performance or stability, especially on systems that frequently change the number of hardware queues, potentially leading to resource exhaustion.

Detection Guidance

This vulnerability can be detected by reproducing the conditions that cause the tags leak in the Linux kernel blk-mq subsystem. The provided steps to reproduce are: 1. mount -t configfs configfs /mnt 2. modprobe null_blk nr_devices=0 submit_queues=8 3. mkdir /mnt/nullb/nullb0 4. echo 1 > /mnt/nullb/nullb0/power 5. echo 4 > /mnt/nullb/nullb0/submit_queues 6. rmdir /mnt/nullb/nullb0 These commands simulate the allocation and shrinking of hardware queues that lead to the tags leak. Monitoring kernel memory usage or debugging kernel memory leaks during these steps can help detect the vulnerability.

Mitigation Strategies

The immediate step to mitigate this vulnerability is to apply the patch or update the Linux kernel to a version where the blk-mq tags leak issue when shrinking nr_hw_queues has been fixed. Since the vulnerability is due to tags not being freed properly, ensuring the kernel includes the fix that frees these tags will prevent the leak.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-54227. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart