{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-54020", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-24T10:53:46.179Z", "datePublished": "2025-12-24T10:55:50.583Z", "dateUpdated": "2026-05-23T15:31:58.250Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-23T15:31:58.250Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: sf-pdma: pdma_desc memory leak fix\n\nCommit b2cc5c465c2c (\"dmaengine: sf-pdma: Add multithread support for a\nDMA channel\") changed sf_pdma_prep_dma_memcpy() to unconditionally\nallocate a new sf_pdma_desc each time it is called.\n\nThe driver previously recycled descs, by checking the in_use flag, only\nallocating additional descs if the existing one was in use. This logic\nwas removed in commit b2cc5c465c2c (\"dmaengine: sf-pdma: Add multithread\nsupport for a DMA channel\"), but sf_pdma_free_desc() was not changed to\nhandle the new behaviour.\n\nAs a result, each time sf_pdma_prep_dma_memcpy() is called, the previous\ndescriptor is leaked, over time leading to memory starvation:\n\n unreferenced object 0xffffffe008447300 (size 192):\n comm \"irq/39-mchp_dsc\", pid 343, jiffies 4294906910 (age 981.200s)\n hex dump (first 32 bytes):\n 00 00 00 ff 00 00 00 00 b8 c1 00 00 00 00 00 00 ................\n 00 00 70 08 10 00 00 00 00 00 00 c0 00 00 00 00 ..p.............\n backtrace:\n [<00000000064a04f4>] kmemleak_alloc+0x1e/0x28\n [<00000000018927a7>] kmem_cache_alloc+0x11e/0x178\n [<000000002aea8d16>] sf_pdma_prep_dma_memcpy+0x40/0x112\n\nAdd the missing kfree() to sf_pdma_free_desc(), and remove the redundant\nin_use flag."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/dma/sf-pdma/sf-pdma.c", "drivers/dma/sf-pdma/sf-pdma.h"], "versions": [{"version": "5ab2782c944e324008ef5d658f2494a9f0e3c5ac", "lessThan": "ad222c9af25e3f074c180e389b3477dce42afc4f", "status": "affected", "versionType": "git"}, {"version": "b2cc5c465c2cb8ab697c3fd6583c614e3f6cfbcc", "lessThan": "03fece43fa109beba7cc9948c02f5e2d1205d607", "status": "affected", "versionType": "git"}, {"version": "b2cc5c465c2cb8ab697c3fd6583c614e3f6cfbcc", "lessThan": "8bd5040bd43f2b5ba3c898b09a3197a0c7ace126", "status": "affected", "versionType": "git"}, {"version": "b2cc5c465c2cb8ab697c3fd6583c614e3f6cfbcc", "lessThan": "b02e07015a5ac7bbc029da931ae17914b8ae0339", "status": "affected", "versionType": "git"}, {"version": "b9b4992f897be9b0b9e3a3b956cab6b75ccc3f11", "status": "affected", "versionType": "git"}, {"version": "4c7350b1dd8a192af844de32fc99b9e34c876fda", "status": "affected", "versionType": "git"}, {"version": "a93b3f1e11971a91b6441b6d47488f4492cc113f", "status": "affected", "versionType": "git"}, {"version": "5.15.61", "lessThan": "5.15.99", "status": "affected", "versionType": "semver"}, {"version": "5.10.137", "lessThan": "5.11", "status": "affected", "versionType": "semver"}, {"version": "5.18.18", "lessThan": "5.19", "status": "affected", "versionType": "semver"}, {"version": "5.19.2", "lessThan": "5.20", "status": "affected", "versionType": "semver"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/dma/sf-pdma/sf-pdma.c", "drivers/dma/sf-pdma/sf-pdma.h"], "versions": [{"version": "6.0", "status": "affected"}, {"version": "0", "lessThan": "6.0", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.99", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.16", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2.3", "lessThanOrEqual": "6.2.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15.61", "versionEndExcluding": "5.15.99"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.1.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.2.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10.137"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.18.18"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19.2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/ad222c9af25e3f074c180e389b3477dce42afc4f"}, {"url": "https://git.kernel.org/stable/c/03fece43fa109beba7cc9948c02f5e2d1205d607"}, {"url": "https://git.kernel.org/stable/c/8bd5040bd43f2b5ba3c898b09a3197a0c7ace126"}, {"url": "https://git.kernel.org/stable/c/b02e07015a5ac7bbc029da931ae17914b8ae0339"}], "title": "dmaengine: sf-pdma: pdma_desc memory leak fix", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: sf-pdma: pdma_desc memory leak fix\n\nCommit b2cc5c465c2c (\"dmaengine: sf-pdma: Add multithread support for a\nDMA channel\") changed sf_pdma_prep_dma_memcpy() to unconditionally\nallocate a new sf_pdma_desc each time it is called.\n\nThe driver previously recycled descs, by checking the in_use flag, only\nallocating additional descs if the existing one was in use. This logic\nwas removed in commit b2cc5c465c2c (\"dmaengine: sf-pdma: Add multithread\nsupport for a DMA channel\"), but sf_pdma_free_desc() was not changed to\nhandle the new behaviour.\n\nAs a result, each time sf_pdma_prep_dma_memcpy() is called, the previous\ndescriptor is leaked, over time leading to memory starvation:\n\n unreferenced object 0xffffffe008447300 (size 192):\n comm \"irq/39-mchp_dsc\", pid 343, jiffies 4294906910 (age 981.200s)\n hex dump (first 32 bytes):\n 00 00 00 ff 00 00 00 00 b8 c1 00 00 00 00 00 00 ................\n 00 00 70 08 10 00 00 00 00 00 00 c0 00 00 00 00 ..p.............\n backtrace:\n [<00000000064a04f4>] kmemleak_alloc+0x1e/0x28\n [<00000000018927a7>] kmem_cache_alloc+0x11e/0x178\n [<000000002aea8d16>] sf_pdma_prep_dma_memcpy+0x40/0x112\n\nAdd the missing kfree() to sf_pdma_free_desc(), and remove the redundant\nin_use flag."}], "id": "CVE-2023-54020", "lastModified": "2026-04-15T00:35:42.020", "metrics": {}, "published": "2025-12-24T11:15:55.003", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/03fece43fa109beba7cc9948c02f5e2d1205d607"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8bd5040bd43f2b5ba3c898b09a3197a0c7ace126"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ad222c9af25e3f074c180e389b3477dce42afc4f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b02e07015a5ac7bbc029da931ae17914b8ae0339"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Deferred"}

{"bugzilla": {"description": "kernel: dmaengine: sf-pdma: pdma_desc memory leak fix", "id": "2424988", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2424988"}, "csaw": false, "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndmaengine: sf-pdma: pdma_desc memory leak fix\nCommit b2cc5c465c2c (\"dmaengine: sf-pdma: Add multithread support for a\nDMA channel\") changed sf_pdma_prep_dma_memcpy() to unconditionally\nallocate a new sf_pdma_desc each time it is called.\nThe driver previously recycled descs, by checking the in_use flag, only\nallocating additional descs if the existing one was in use. This logic\nwas removed in commit b2cc5c465c2c (\"dmaengine: sf-pdma: Add multithread\nsupport for a DMA channel\"), but sf_pdma_free_desc() was not changed to\nhandle the new behaviour.\nAs a result, each time sf_pdma_prep_dma_memcpy() is called, the previous\ndescriptor is leaked, over time leading to memory starvation:\nunreferenced object 0xffffffe008447300 (size 192):\ncomm \"irq/39-mchp_dsc\", pid 343, jiffies 4294906910 (age 981.200s)\nhex dump (first 32 bytes):\n00 00 00 ff 00 00 00 00 b8 c1 00 00 00 00 00 00 ................\n00 00 70 08 10 00 00 00 00 00 00 c0 00 00 00 00 ..p.............\nbacktrace:\n[<00000000064a04f4>] kmemleak_alloc+0x1e/0x28\n[<00000000018927a7>] kmem_cache_alloc+0x11e/0x178\n[<000000002aea8d16>] sf_pdma_prep_dma_memcpy+0x40/0x112\nAdd the missing kfree() to sf_pdma_free_desc(), and remove the redundant\nin_use flag."], "name": "CVE-2023-54020", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-12-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-54020\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-54020\nhttps://lore.kernel.org/linux-cve-announce/2025122433-CVE-2023-54020-3f2f@gregkh/T"]}

{}