CVE-2023-53792
Description
In the Linux kernel, the following vulnerability has been resolved:
nvme-core: fix memory leak in dhchap_ctrl_secret
Free dhchap_secret in nvme_ctrl_dhchap_ctrl_secret_store() before we return when nvme_auth_generate_key() returns error.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A memory leak in the Linux kernel's NVMe driver when handling an error in dhchap_ctrl_secret could allow local denial of service via resource exhaustion.
Root Cause
In the Linux kernel's NVMe subsystem, the function nvme_ctrl_dhchap_ctrl_secret_store() allocates a dhchap_secret buffer but fails to free it on the error path when nvme_auth_generate_key() returns an error. This leads to a memory leak [1][2].
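A userspace model of the error path described above, added here as an illustration and not taken from the kernel source or the fix commits. A small fixed pool stands in for kernel memory; every `model_*` and `pool_*` name, the acceptance rule and the sample secrets are assumptions.

```c
/* Userspace model of the leak, not kernel source; model_ and pool_ names are hypothetical. */
#include <stdio.h>
#include <string.h>
#define SLOTS 8                       /* tiny fixed pool stands in for kernel memory */
static char pool[SLOTS][64];
static int in_use[SLOTS];
static char *stored_secret;           /* models the controller's current secret */

static char *pool_strdup(const char *s) {
    for (int i = 0; i < SLOTS && strlen(s) < sizeof pool[0]; i++)
        if (!in_use[i]) { in_use[i] = 1; return strcpy(pool[i], s); }
    return NULL;                      /* too long, or pool exhausted */
}
static void pool_free(char *p) { if (p) in_use[(p - pool[0]) / sizeof pool[0]] = 0; }
int pool_live(void) { int n = 0; for (int i = 0; i < SLOTS; i++) n += in_use[i]; return n; }

/* Stand-in for key generation; the accepted prefix is a constructed rule. */
static int model_generate_key(const char *s) { return strncmp(s, "DHHC-1:", 7) ? -1 : 0; }

/* free_on_error = 0 reproduces the leak; 1 is the corrected error path. */
int model_secret_store(const char *buf, int free_on_error) {
    char *secret = pool_strdup(buf);
    if (!secret)
        return -2;                    /* allocation failure */
    if (model_generate_key(secret) != 0) {
        if (free_on_error)
            pool_free(secret);        /* cleanup the fix performs before returning */
        return -1;                    /* without it, nothing references 'secret' any more */
    }
    pool_free(stored_secret);         /* success: old secret released, new one kept */
    stored_secret = secret;
    return 0;
}

/* Sends n rejected writes, then one valid write; returns the valid write's result. */
int model_run(int n, int free_on_error) {
    memset(in_use, 0, sizeof in_use); stored_secret = NULL;   /* fresh pool */
    for (int i = 0; i < n; i++)
        model_secret_store("bad-secret", free_on_error);      /* constructed input */
    return model_secret_store("DHHC-1:constructed-sample", free_on_error);
}

int main(void) {
    for (int fixed = 0; fixed <= 1; fixed++) {
        int rc = model_run(SLOTS, fixed);
        printf("free_on_error=%d: valid write -> %d, live slots %d\n", fixed, rc, pool_live());
    }
    return 0;
}
```

With the cleanup missing, eight rejected writes fill the pool and the following valid write fails on allocation; with the cleanup in place the same sequence leaves one live slot, the stored secret.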
Exploitation
An attacker able to trigger the error path in NVMe authentication (e.g., by providing an invalid DH-HMAC-CHAP secret via sysfs) can repeatedly cause the allocation to happen without the matching cleanup, slowly exhausting kernel memory. No special privileges are required beyond local user access to configure NVMe authentication, though typically only root or privileged users can write to the relevant sysfs file.
Impact
By repeatedly triggering the error, a local attacker could deplete system memory, leading to denial of service. This is a classic resource leak vulnerability; the leak itself does not corrupt memory or allow privilege escalation.
Mitigation
The fix is included in upstream Linux kernel stable commits [1][2]. Users should update their kernels to versions that include the patches. No workaround is available other than restricting access to the NVMe authentication interface.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1
Patches
4
43d0724d756a
39b90fc75943
6ec30a627899
99c2dcc8ffc2
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4
News mentions
0
No linked articles in our index yet.