Fluid Attacks Database

Description

A flaw was found in the Linux kernel net/mlx5e Ethernet driver’s mlx5e_ptp_open function. When memory allocation via kvzalloc_node() or kvzalloc() fails, previously allocated resources (c or cparams) were not properly freed, leading to a memory leak in the error path. An unprivileged local user interacting with the networking subsystem might trigger this condition, causing gradual memory consumption.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	linux	=6.1.27-1 \|\| =6.1.37-1 \|\| =6.1.38-1 \|\| =6.1.38-2 \|\| =6.1.38-2~bpo11+1 \|\| =6.1.38-3 \|\| =6.1.38-4 \|\| =6.1.38-4~bpo11+1 \|\| >=0 <6.1.52-1	6.1.52-1
debian 13	linux	>=0 <6.4.11-1	6.4.11-1
debian 14	linux	>=0 <6.4.11-1	6.4.11-1
rpm rhel6	kernel	-	-
rpm rhel8	kernel	<0:4.18.0-553.el8_10	0:4.18.0-553.el8_10
rpm rhel9	kernel	<0:5.14.0-427.13.1.el9_4	0:5.14.0-427.13.1.el9_4
rpm rhel8	kernel-rt	-	-
rpm rhel9	kernel-rt	-	-

Aliases

1. CVE-2023-541692. NVD-2023-541693. OSV-DEBIAN-2023-541694. OSV-2023-541695. SECURITY-TRACKER-CVE-2023-54169

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.