CVE-2023-54050
Description
In the Linux kernel, the following vulnerability has been resolved:
ubifs: Fix memleak when insert_old_idx() failed
The following process will cause a memleak for copied up znode:
dirty_cow_znode
  zn = copy_znode(c, znode);
  err = insert_old_idx(c, zbr->lnum, zbr->offs);
  if (unlikely(err))
    return ERR_PTR(err); // No one refers to zn.
Fetch a reproducer in [Link].
Function copy_znode() is split into 2 parts: resource allocation and znode replacement. insert_old_idx() is split in a similar way, so resource cleanup could be done in the error handling path without corrupting metadata (mem & disk). It's okay that old index inserting is put behind add_idx_dirt(); the old index is used in layout_leb_in_gaps(), so the two processes do not depend on each other.
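The leak and the free-on-error shape of the fix, as a userspace C model added here for illustration; it is not the kernel patch or UBIFS code, and every name in it (znode_dup, model_insert_old_idx, cow_leaky, cow_fixed, leaked_after) is hypothetical. It assumes a single pointer slot stands in for the index tree and that the old znode is simply freed on replacement, which simplifies what UBIFS does.

```c
/* Userspace model of the leak pattern; NOT kernel code. All names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
struct znode { int level; };
static long live_allocs;   /* outstanding allocations, used to observe the leak */
static struct znode *znode_dup(const struct znode *src)
{
    struct znode *zn = malloc(sizeof(*zn));
    if (zn) { *zn = *src; live_allocs++; }
    return zn;
}
static void znode_free(struct znode *zn) { if (zn) { live_allocs--; free(zn); } }
static int model_insert_old_idx(int fail) { return fail ? -12 : 0; } /* -12 models -ENOMEM */
/* Leaky shape from the description: the copy is dropped on the error return. */
static int cow_leaky(struct znode **slot, int fail)
{
    struct znode *zn = znode_dup(*slot);
    if (!zn) return -12;
    int err = model_insert_old_idx(fail);
    if (err) return err;                      /* no one refers to zn any more */
    znode_free(*slot); *slot = zn;
    return 0;
}
/* Fixed shape: allocate, run the fallible step, free on error, replace last. */
static int cow_fixed(struct znode **slot, int fail)
{
    struct znode *zn = znode_dup(*slot);
    if (!zn) return -12;
    int err = model_insert_old_idx(fail);
    if (err) { znode_free(zn); return err; }  /* *slot still holds the old znode */
    znode_free(*slot); *slot = zn;            /* replacement step cannot fail */
    return 0;
}
/* Allocations still outstanding after n failed copy-on-write attempts. */
static long leaked_after(int (*cow)(struct znode **, int), int n)
{
    struct znode seed = { 0 }, *root = znode_dup(&seed);
    if (!root) return -1;
    long base = live_allocs;
    for (int i = 0; i < n; i++) cow(&root, 1);
    long leaked = live_allocs - base;
    znode_free(root);
    return leaked;
}
int main(void)
{
    printf("leaky=%ld fixed=%ld\n", leaked_after(cow_leaky, 1000), leaked_after(cow_fixed, 1000));
    return 0;
}
```

The leaky variant loses one allocation per failed attempt, which is why sustained failures add up; the fixed variant leaves the count unchanged and the slot still pointing at the original znode.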
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A memory leak in the Linux kernel's UBIFS filesystem occurs when insert_old_idx() fails after copying a znode, leaving the copy unreferenced.
Vulnerability
In the Linux kernel's UBIFS filesystem, a memory leak vulnerability exists in the dirty_cow_znode function. When copy_znode() allocates a new znode and insert_old_idx() subsequently fails, the newly copied znode (zn) is not freed, causing a memory leak [1]. The root cause is that the error handling path does not clean up the allocated znode when the old index insertion fails.
Exploitation
An attacker would need to trigger a failure in insert_old_idx() during a write operation that causes copy-on-write of a znode. This could be achieved by exhausting memory or inducing an error in the underlying storage layer. No special privileges are required beyond the ability to write to a UBIFS filesystem, which is typically accessible to unprivileged users on systems with UBIFS mounts.
Impact
Repeated exploitation leads to gradual memory exhaustion, potentially causing system instability or denial of service. The leak is per-operation, so sustained triggering can deplete kernel memory over time.
Mitigation
The fix splits copy_znode() into allocation and replacement phases, and similarly splits insert_old_idx() so that resource cleanup can occur without corrupting metadata. The patch addressing this vulnerability has been applied to the stable kernel tree [1][2][3][4]. Users should update to a kernel version containing the fix.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
Patches (8)
b5fda08ef213, cc29c7216d7f, 6f2eee5457bc, 66e9f2fb3e75, 3ae75f82c33f, ef9aac603659, 79079cebbeed, a6da0ab98477
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (8)
- git.kernel.org/stable/c/3ae75f82c33fa1b4ca2006b55c84f4ef4a428d4d (nvd)
- git.kernel.org/stable/c/66e9f2fb3e753f820bec2a98e8c6387029988320 (nvd)
- git.kernel.org/stable/c/6f2eee5457bc48b0426dedfd78cdbdea241a6edb (nvd)
- git.kernel.org/stable/c/79079cebbeed624b9d01cfcf1e3254ae1a1f6e14 (nvd)
- git.kernel.org/stable/c/a6da0ab9847779e05a7416c7a98148b549de69ef (nvd)
- git.kernel.org/stable/c/b5fda08ef213352ac2df7447611eb4d383cce929 (nvd)
- git.kernel.org/stable/c/cc29c7216d7f057eb0613b97dc38c7e1962a88d2 (nvd)
- git.kernel.org/stable/c/ef9aac603659e9ffe7d69ae16e3f0fc0991a965b (nvd)