CVE-2023-54131
Description
In the Linux kernel, the following vulnerability has been resolved:
wifi: rt2x00: Fix memory leak when handling surveys
When removing a rt2x00 device, its associated channel surveys are not freed, causing a memory leak observable with kmemleak:
unreferenced object 0xffff9620f0881a00 (size 512): comm "systemd-udevd", pid 2290, jiffies 4294906974 (age 33.768s) hex dump (first 32 bytes): 70 44 12 00 00 00 00 00 92 8a 00 00 00 00 00 00 pD.............. 00 00 00 00 00 00 00 00 ab 87 01 00 00 00 00 00 ................ backtrace: [] __kmalloc+0x4b/0x130 [] rt2800_probe_hw+0xc2b/0x1380 [rt2800lib] [] rt2800usb_probe_hw+0xe/0x60 [rt2800usb] [] rt2x00lib_probe_dev+0x21a/0x7d0 [rt2x00lib] [] rt2x00usb_probe+0x1be/0x980 [rt2x00usb] [] usb_probe_interface+0xe2/0x310 [usbcore] [] really_probe+0x1a5/0x410 [] __driver_probe_device+0x78/0x180 [] driver_probe_device+0x1e/0x90 [] __driver_attach+0xd2/0x1c0 [] bus_for_each_dev+0x77/0xd0 [] bus_add_driver+0x112/0x210 [] driver_register+0x5c/0x120 [] usb_register_driver+0x88/0x150 [usbcore] [] do_one_initcall+0x44/0x220 [] do_init_module+0x4c/0x220
Fix this by freeing the channel surveys on device removal.
Tested with a RT3070 based USB wireless adapter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A memory leak in the Linux kernel's rt2x00 WiFi driver occurs when removing a device, as channel surveys are not freed.
Vulnerability
In the Linux kernel's rt2x00 WiFi driver, a memory leak exists in the handling of channel surveys. When a rt2x00 device is removed, the associated channel survey structures are not freed, leading to a memory leak. This was observed via kmemleak, showing unreferenced objects allocated during device probing [1].
Exploitation
The vulnerability is triggered by removing a rt2x00 device, such as a USB wireless adapter. No special privileges are needed beyond the ability to physically disconnect or unbind the device. The attack surface is local, requiring the attacker to have access to the system and the ability to cause device removal [2].
Impact
An attacker could repeatedly trigger device removal to exhaust kernel memory, potentially leading to a denial of service (DoS). The leak is per device removal, and with repeated actions, system memory could be depleted.
Mitigation
The fix involves freeing the channel surveys when the device is removed. Patches have been committed to the Linux kernel stable branches [1][2]. Users should update to a kernel version containing the fix (e.g., versions after the commit dates). No workarounds are mentioned.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
5eb77c0c0a17cbea3f8aa9993494064ffd60d0354bce76ed1cbef9a83c51dVulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- git.kernel.org/stable/c/0354bce76ed1d775904acdb4cc0bf88c5b9b5b9fnvd
- git.kernel.org/stable/c/494064ffd60d044c097d514917c40913d1affbcanvd
- git.kernel.org/stable/c/bea3f8aa999318bdffa2d17753e492f76904f0cenvd
- git.kernel.org/stable/c/cbef9a83c51dfcb07f77cfa6ac26f53a1ea86f49nvd
- git.kernel.org/stable/c/eb77c0c0a17c53d83b5fe8e46490fb0a7ed9e6afnvd
News mentions
0No linked articles in our index yet.