CVE-2023-54154

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a memory leak in the SCSI target core. The target cmd counter struct, allocated by the target alloc cmd counter() function, is not freed, leading to memory leaks across various transport types. The leak occurs because the structure is not freed alongside its corresponding iscsit conn or se sess parent. The backtrace indicates the issue originates from memory allocation during session setup and configuration writing.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

BDU:2026-01203

CVE-2023-54154

RHSA-2024:2394

SUSE-SU-2026:0278-1

SUSE-SU-2026:0281-1

SUSE-SU-2026:0293-1

SUSE-SU-2026:0315-1

SUSE-SU-2026:20477-1

SUSE-SU-2026:20498-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

Affected Products

Linux Kernel

CVE-2023-54154

Weakness Enumeration

Related Identifiers

Affected Products

References · 1461