CVE-2023-54041 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix memory leak when removing provided buffers When removing provided buffers, io_buffer structs are not being disposed of, leading to a memory leak. They can't be freed individually, because they are allocated in page-sized groups. They need to be added to some free list instead, such as io_buffers_cache. All callers already hold the lock protecting it, apart from when destroying buffers, so had to extend the lock there.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00017.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/ac48787f58d1068f4e06d627c1135784d64b4c72
https://git.kernel.org/stable/c/b4a72c0589fdea6259720375426179888969d6a2
https://git.kernel.org/stable/c/c117c15927772d1624c29c092b6bd3f47c7faa48

History

Wed, 24 Dec 2025 11:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: io_uring: fix memory leak when removing provided buffers When removing provided buffers, io_buffer structs are not being disposed of, leading to a memory leak. They can't be freed individually, because they are allocated in page-sized groups. They need to be added to some free list instead, such as io_buffers_cache. All callers already hold the lock protecting it, apart from when destroying buffers, so had to extend the lock there.
Title		io_uring: fix memory leak when removing provided buffers
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/ac48787f58d1068f4e06d627c1135784d64b4c72 https://git.kernel.org/stable/c/b4a72c0589fdea6259720375426179888969d6a2 https://git.kernel.org/stable/c/c117c15927772d1624c29c092b6bd3f47c7faa48

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-24T10:56:06.858Z

Updated: 2025-12-24T10:56:06.858Z

Reserved: 2025-12-24T10:53:46.181Z

Link: CVE-2023-54041

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-12-24T11:15:57.090

Modified: 2025-12-24T11:15:57.090

Link: CVE-2023-54041

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-54041", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-24T10:53:46.181Z", "datePublished": "2025-12-24T10:56:06.858Z", "dateUpdated": "2025-12-24T10:56:06.858Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-24T10:56:06.858Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix memory leak when removing provided buffers\n\nWhen removing provided buffers, io_buffer structs are not being disposed\nof, leading to a memory leak. They can't be freed individually, because\nthey are allocated in page-sized groups. They need to be added to some\nfree list instead, such as io_buffers_cache. All callers already hold\nthe lock protecting it, apart from when destroying buffers, so had to\nextend the lock there."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["io_uring/io_uring.c", "io_uring/kbuf.c"], "versions": [{"version": "cc3cec8367cba76a8ae4c271eba8450f3efc1ba3", "lessThan": "ac48787f58d1068f4e06d627c1135784d64b4c72", "status": "affected", "versionType": "git"}, {"version": "cc3cec8367cba76a8ae4c271eba8450f3efc1ba3", "lessThan": "c117c15927772d1624c29c092b6bd3f47c7faa48", "status": "affected", "versionType": "git"}, {"version": "cc3cec8367cba76a8ae4c271eba8450f3efc1ba3", "lessThan": "b4a72c0589fdea6259720375426179888969d6a2", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["io_uring/io_uring.c", "io_uring/kbuf.c"], "versions": [{"version": "5.18", "status": "affected"}, {"version": "0", "lessThan": "5.18", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.24", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2.11", "lessThanOrEqual": "6.2.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.18", "versionEndExcluding": "6.1.24"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.18", "versionEndExcluding": "6.2.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.18", "versionEndExcluding": "6.3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/ac48787f58d1068f4e06d627c1135784d64b4c72"}, {"url": "https://git.kernel.org/stable/c/c117c15927772d1624c29c092b6bd3f47c7faa48"}, {"url": "https://git.kernel.org/stable/c/b4a72c0589fdea6259720375426179888969d6a2"}], "title": "io_uring: fix memory leak when removing provided buffers", "x_generator": {"engine": "bippy-1.2.0"}}}}