VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 24, 2025· Updated Apr 15, 2026

CVE-2023-54154

CVE-2023-54154

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: core: Fix target_cmd_counter leak

The target_cmd_counter struct allocated via target_alloc_cmd_counter() is never freed, resulting in leaks across various transport types, e.g.:

unreferenced object 0xffff88801f920120 (size 96): comm "sh", pid 102, jiffies 4294892535 (age 713.412s) hex dump (first 32 bytes): 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 38 01 92 1f 80 88 ff ff ........8....... backtrace: [<00000000e58a6252>] kmalloc_trace+0x11/0x20 [<0000000043af4b2f>] target_alloc_cmd_counter+0x17/0x90 [target_core_mod] [<000000007da2dfa7>] target_setup_session+0x2d/0x140 [target_core_mod] [<0000000068feef86>] tcm_loop_tpg_nexus_store+0x19b/0x350 [tcm_loop] [<000000006a80e021>] configfs_write_iter+0xb1/0x120 [<00000000e9f4d860>] vfs_write+0x2e4/0x3c0 [<000000008143433b>] ksys_write+0x80/0xb0 [<00000000a7df29b2>] do_syscall_64+0x42/0x90 [<0000000053f45fb8>] entry_SYSCALL_64_after_hwframe+0x6e/0xd8

Free the structure alongside the corresponding iscsit_conn / se_sess parent.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory leak in the Linux kernel's SCSI target subsystem where target_cmd_counter is never freed, leading to resource exhaustion.

Vulnerability

Description

In the Linux kernel, the target_cmd_counter structures allocated by target_alloc_cmd_counter()` are never freed, causing a memory leak. The leak occurs across various transport types, as shown in the kernel memory debug output where an unreferenced objects persist after use [1].

Exploitation

An attacker with local access or the ability to trigger SCSI target session setup (e.g., via configfs writes) can repeatedly allocate target_cmd_counter structures. No special privileges beyond the ability to interact with the target subsystem are required, though the attack surface is limited to systems using the SCSI target framework [1].

Impact

Repeated exploitation leads to kernel memory exhaustion, leading to system instability or denial of service. The leaked structures are small (96 bytes each), but sustained allocation can deplete memory resources [1].

Mitigation

The fix is included in Linux kernel stable updates. Users should apply the patch referenced in [1] or update to a kernel version containing the commit 1cd41d1669bcbc5052bc0862ff3fb30. No workaround is available; the vulnerability is available; updating is the recommended action [1].

References
  1. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

3
d14e3e553e05
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
1cd41d1669bc
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
f84639c5ac5f
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

3

News mentions

0

No linked articles in our index yet.