PT-2025-53211 · Linux · Linux Kernel

Published: 2023-08-04 · Updated: 2026-03-24 · CVE-2023-54134

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel contains a memory leak in the autofs subsystem. Specifically, waitqueue structures are not always freed correctly when their usage counter reaches zero, leading to a memory leak. This issue occurs when an AUTOFS_IOC_EXPIRE_MULTI ioctl is performed, allocating a new waitqueue structure with an initial usage counter of 2. If wait_event_killable() is interrupted, the condition wq->name.name == NULL may not be met. The autofs_wait_release() or autofs_catatonic_mode() functions decrement the counter, but the waitqueues are not always freed, resulting in a memory leak. The issue is particularly relevant during the summary execution of the automount daemon, where waiting processes may not be woken up until terminated or the mount is unmounted.
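
A user-space model of the counter handling described above, added here as an illustration; it is not kernel code and not part of the original advisory. The names wq_model, wq_put and simulate are hypothetical, and the model assumes that an interrupted waiter drops its reference before the teardown path drops the other one.

```c
#include <stdio.h>
#include <stdlib.h>

/* User-space model; names are hypothetical and this is not kernel code. */
struct wq_model { int wait_ctr; };
static int live;                 /* entries allocated and not yet freed */

static struct wq_model *wq_alloc(void)
{
    struct wq_model *wq = malloc(sizeof(*wq));
    if (!wq) abort();
    wq->wait_ctr = 2;            /* initial value given in the description */
    live++;
    return wq;
}

/* Drop one reference; free_on_zero == 0 models a decrement-only path. */
static void wq_put(struct wq_model *wq, int free_on_zero)
{
    if (--wq->wait_ctr == 0 && free_on_zero) { free(wq); live--; }
}

/* n waits plus teardown. waiter_first != 0 models an interrupted wait: the
 * waiter drops its reference before teardown drops the other (assumed order).
 * teardown_frees: 0 = decrement only, 1 = free when the counter hits zero.
 * Returns the number of entries still allocated at the end. */
int simulate(int n, int waiter_first, int teardown_frees)
{
    struct wq_model *w[64];
    int i, leaked;
    if (n > 64) n = 64;
    live = 0;
    for (i = 0; i < n; i++) w[i] = wq_alloc();
    for (i = 0; i < n; i++) {
        if (waiter_first) { wq_put(w[i], 1); wq_put(w[i], teardown_frees); }
        else              { wq_put(w[i], teardown_frees); wq_put(w[i], 1); }
    }
    leaked = live;
    for (i = 0; i < n && leaked; i++) free(w[i]);  /* demo cleanup only */
    return leaked;
}

int main(void)
{
    printf("interrupted, decrement-only teardown: %d leaked\n", simulate(8, 1, 0));
    printf("interrupted, free-on-zero teardown:   %d leaked\n", simulate(8, 1, 1));
    printf("woken first, decrement-only teardown: %d leaked\n", simulate(8, 0, 0));
    return 0;
}
```

In this model the entry is lost only when the waiter leaves first and the last reference is dropped by a path that decrements without freeing, which is why the leak does not appear on every wait.
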

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Leak

Weakness Enumeration

Related Identifiers

BDU:2026-01210
CVE-2023-54134
SUSE-SU-2026:0263-1
SUSE-SU-2026:0278-1
SUSE-SU-2026:0281-1
SUSE-SU-2026:0293-1
SUSE-SU-2026:0315-1
SUSE-SU-2026:0317-1
SUSE-SU-2026:0473-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1

Affected Products

Linux Kernel