CVE-2023-53993
Description
In the Linux kernel, the following vulnerability has been resolved:
PCI/DOE: Fix memory leak with CONFIG_DEBUG_OBJECTS=y
After a pci_doe_task completes, its work_struct needs to be destroyed to avoid a memory leak with CONFIG_DEBUG_OBJECTS=y.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A memory leak in Linux kernel PCI/DOE occurs when CONFIG_DEBUG_OBJECTS=y, requiring work_struct cleanup after task completion.
Vulnerability
Description
A memory leak vulnerability exists in the Linux kernel's PCI Data Object Exchange (DOE) subsystem. When the kernel is built with CONFIG_DEBUG_OBJECTS=y, a pci_doe_task's associated work_struct is not properly destroyed after the task completes, leading to unreclaimed memory. This issue is fixed by ensuring the work_struct is destroyed in the task completion path [1].
Exploitation
The vulnerability can be triggered by any code path that performs PCI DOE tasks, which typically requires local access or the ability to initiate PCIe communication with DOE-capable devices. In some configurations, no privileges beyond normal user access to PCI devices may be needed. An attacker could repeatedly trigger DOE tasks to exhaust system memory.
Impact
Successful exploitation results in a persistent memory leak, which can lead to system instability or denial of service as available memory is gradually consumed. The leak is limited to systems with CONFIG_DEBUG_OBJECTS=y, which is often enabled in debug kernels or for development.
Mitigation
The fix has been merged into the Linux kernel stable tree via commit abf04be0e7071f2bcd39bf97ba407e7d4439785e [1]. Users should apply the patch or update to a kernel version containing it.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (3)
2a0e0f4773fe
95628b830952
abf04be0e707
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (3)
News mentions (0)
No linked articles in our index yet.