#VU120633 Memory leak in Linux kernel - CVE-2023-54297
Published: December 30, 2025 / Updated: December 31, 2025
Vulnerability identifier: #VU120633
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-54297
CWE-ID: CWE-401
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the exclude_super_stripes() function in fs/btrfs/block-group.c.
Remediation
Install the update from the vendor's repository.
External links
- https://git.kernel.org/stable/c/ab80a901f8daca07c4a54af0ab0de745c9918294
- https://git.kernel.org/stable/c/c35ea606196243063e63785918c7c8fe27c45798
- https://git.kernel.org/stable/c/cca627afb463a4b47721eac017516ba200de85c3
- https://git.kernel.org/stable/c/f1a07c2b4e2c473ec322b8b9ece071b8c88a3512
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.123
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.42
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5