PT-2025-43097 · Unknown+5 · Qla2Xxx Driver+5

Published: 2023-04-02 · Updated: 2026-03-14 · CVE-2023-53696

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A memory leak was identified in the qla2xxx driver within the Linux kernel, specifically in the qla2x00_probe_one() function. The issue occurs during adapter initialization when initialization of base_vha fails. The memory allocated for scan.l in qla2x00_create_host() is not released in the error handling path, leading to a memory leak. The leak was reported by kmemleak, with an unreferenced object size of 12288 bytes. The backtrace shows the allocation passing through __vmalloc_node_range, __vmalloc_node, vmalloc, qla2x00_create_host, qla2x00_probe_one, and local_pci_probe.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Initialization

Related Identifiers

ALSA-2025_16880
BDU:2026-04010
CESA-2024_3138
CVE-2023-53696
RHSA-2024:2394
RHSA-2024:3138
RHSA-2024_2394
RHSA-2024_3138
SUSE-SU-2025:4111-1
SUSE-SU-2025:4139-1
SUSE-SU-2025:4149-1
SUSE-SU-2025:4189-1
SUSE-SU-2025:4320-1

Affected Products

CentOS
Debian
Linux Kernel
Red Hat
SUSE
qla2xxx driver