CVE-2023-53814
Description
In the Linux kernel, the following vulnerability has been resolved:
PCI: Fix dropping valid root bus resources with .end = zero
On r8a7791/koelsch:
kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) # cat /sys/kernel/debug/kmemleak unreferenced object 0xc3a34e00 (size 64): comm "swapper/0", pid 1, jiffies 4294937460 (age 199.080s) hex dump (first 32 bytes): b4 5d 81 f0 b4 5d 81 f0 c0 b0 a2 c3 00 00 00 00 .]...].......... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [] __kmalloc+0xf0/0x140 [<34bd6bc0>] resource_list_create_entry+0x18/0x38 [<767046bc>] pci_add_resource_offset+0x20/0x68 [] devm_of_pci_get_host_bridge_resources.constprop.0+0xb0/0x390
When coalescing two resources for a contiguous aperture, the second resource is enlarged to cover the full contiguous range, while the first resource is marked invalid. This invalidation is done by clearing the flags, start, and end members.
When adding the initial resources to the bus later, invalid resources are skipped. Unfortunately, the check for an invalid resource considers only the end member, causing false positives.
E.g. on r8a7791/koelsch, root bus resource 0 ("bus 00") is skipped, and no longer registered with pci_bus_insert_busn_res() (causing the memory leak), nor printed:
pci-rcar-gen2 ee090000.pci: host bridge /soc/pci@ee090000 ranges: pci-rcar-gen2 ee090000.pci: MEM 0x00ee080000..0x00ee08ffff -> 0x00ee080000 pci-rcar-gen2 ee090000.pci: PCI: revision 11 pci-rcar-gen2 ee090000.pci: PCI host bridge to bus 0000:00 -pci_bus 0000:00: root bus resource [bus 00] pci_bus 0000:00: root bus resource [mem 0xee080000-0xee08ffff]
Fix this by only skipping resources where all of the flags, start, and end members are zero.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A Linux kernel PCI resource coalescing bug causes valid root bus resources with .end=0 to be incorrectly skipped, leading to memory leaks and missing bus registration.
Vulnerability
Overview
In the Linux kernel, a flaw in the PCI subsystem's resource coalescing logic can cause valid root bus resources to be incorrectly dropped. When two resources for a contiguous aperture are coalesced, the first resource is marked invalid by design marked invalid by clearing its flags, start, and end members. However, the subsequent check that skips invalid resources only examines the end member, leading to false positives where resources with a zero end value are skipped even if they are valid [1][2].
Exploitation
Context
This issue manifests during boot on certain hardware, such as the r8a7791/koelsch platform, where the root bus resource 0 ("bus 00") is erroneously skipped. As a result, the resource is not registered with pci_bus_insert_busn_res(), causing a memory leak detected by kmemleak, and the resource is not printed in the kernel log [1][2]. The vulnerability is triggered automatically during normal system initialization without any special attacker action.
Impact
The primary impact is a kernel memory leak, as the skipped resource allocation is never freed. While not directly exploitable for code execution, memory leaks can degrade system stability over time, potentially leading to denial-of-service conditions on affected systems [1][2].
Mitigation
The fix, committed to the Linux kernel stable tree, corrects the invalidation check to skip resources only when all of the flags, start, and end members are zero, rather than checking only the end member [1][2]. Users should apply the latest kernel updates from their distribution to resolve this issue.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
4e4af080f3ef6fe6a1fbe83f57e6f2714d93c9d8ba74a181bVulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4News mentions
0No linked articles in our index yet.