VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 24, 2025· Updated Apr 15, 2026

CVE-2023-54024

CVE-2023-54024

Description

In the Linux kernel, the following vulnerability has been resolved:

KVM: Destroy target device if coalesced MMIO unregistration fails

Destroy and free the target coalesced MMIO device if unregistering said device fails. As clearly noted in the code, kvm_io_bus_unregister_dev() does not destroy the target device.

BUG: memory leak unreferenced object 0xffff888112a54880 (size 64): comm "syz-executor.2", pid 5258, jiffies 4297861402 (age 14.129s) hex dump (first 32 bytes): 38 c7 67 15 00 c9 ff ff 38 c7 67 15 00 c9 ff ff 8.g.....8.g..... e0 c7 e1 83 ff ff ff ff 00 30 67 15 00 c9 ff ff .........0g..... backtrace: [<0000000006995a8a>] kmalloc include/linux/slab.h:556 [inline] [<0000000006995a8a>] kzalloc include/linux/slab.h:690 [inline] [<0000000006995a8a>] kvm_vm_ioctl_register_coalesced_mmio+0x8e/0x3d0 arch/x86/kvm/../../../virt/kvm/coalesced_mmio.c:150 [<00000000022550c2>] kvm_vm_ioctl+0x47d/0x1600 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3323 [<000000008a75102f>] vfs_ioctl fs/ioctl.c:46 [inline] [<000000008a75102f>] file_ioctl fs/ioctl.c:509 [inline] [<000000008a75102f>] do_vfs_ioctl+0xbab/0x1160 fs/ioctl.c:696 [<0000000080e3f669>] ksys_ioctl+0x76/0xa0 fs/ioctl.c:713 [<0000000059ef4888>] __do_sys_ioctl fs/ioctl.c:720 [inline] [<0000000059ef4888>] __se_sys_ioctl fs/ioctl.c:718 [inline] [<0000000059ef4888>] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:718 [<000000006444fa05>] do_syscall_64+0x9f/0x4e0 arch/x86/entry/common.c:290 [<000000009a4ed50b>] entry_SYSCALL_64_after_hwframe+0x49/0xbe

BUG: leak checking failed

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory leak in KVM's coalesced MMIO device unregistration can be triggered by a malicious VM via ioctl, leading to resource exhaustion.

Vulnerability

CVE-2023-54024 is a memory leak vulnerability in the Linux kernel's KVM subsystem, specifically in the coalesced MMIO device handling. The root cause is that when kvm_io_bus_unregister_dev() fails during the unregistration of a coalesced MMIO device, the target device object is not freed, leading to a memory leak. The kernel code explicitly notes that kvm_io_bus_unregister_dev() does not destroy the target device, but the error path in kvm_vm_ioctl_register_coalesced_mmio was missing the necessary cleanup [1][2].

Exploitation

An attacker with access to a VM and the ability to issue KVM_REGISTER_COALESCED_MMIO ioctl calls can trigger this leak. By repeatedly registering and then attempting to unregister coalesced MMIO devices in a way that causes the unregistration to fail, the attacker can cause the kernel to leak memory. The attack requires local access to the host or a guest VM with sufficient privileges to interact with the KVM device file descriptor.

Impact

Successful exploitation leads to a kernel memory leak, which can exhaust system memory over time, potentially causing a denial of service (DoS) condition on the host. The leak is demonstrated in the bug report with a 64-byte object being leaked per failure, and the kernel's leak checker confirms the issue [1][2].

Mitigation

The fix is included in Linux kernel stable updates. Users should apply the latest kernel patches from their distribution. The commit references [1] and [2] provide the corrected code that ensures the target device is freed on unregistration failure.

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

6
10c2a20d73e9
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
76a9886e1b61
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
999439fd5da5
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
ccf6a7fb1aed
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
fb436dd69143
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
b1cb1fac22ab
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

6

News mentions

0

No linked articles in our index yet.