CVE-2023-54064

Vulnerability

Description

The vulnerability resides in the Linux kernel's IPMI (Intelligent Platform Management Interface) SSIF (SMBus System Interface) driver. During the adapter scanning process, the function ssif_info_find() is responsible for locating adapter information. When the adapter details originate from SMBIOS (System Management BIOS), the field info->adapter_name is not automatically set; so the function allocates and assigns it. However, this function can be invoked multiple times during scanning. If it is called again after adapter_name has already been set, the previously allocated string is overwritten without being freed, causing a memory leak [1][2][3].

Attack

Surface

The bug is triggered by normal kernel operation when the IPMI SSIF driver scans for adapters. No special privileges or network access are required; the flaw is local to the kernel's device initialization sequence. An attacker would need to be able to trigger multiple adapter scan cycles, which can occur through driver probing or hotplug events. The vulnerability is purely a memory leak and does not involve a remote attack vector or require authentication.

Impact

Repeated triggering of the adapter scanning process leads to gradual memory exhaustion as leaked adapter_name strings accumulate. Over time, this could degrade system performance or cause denial of service (DoS) by exhausting kernel memory. There is no privilege escalation or data confidentiality impact; the primary concern is availability.

Mitigation

Patches have been merged into the stable Linux kernel tree that add a NULL check before setting adapter_name in ssif_info_find(). This prevents the leak by only allocating the string if it has not already been assigned. The fix is included in the mainline and stable kernel updates; users should apply the latest kernel updates from their distribution or compile a patched kernel [1][2][3].