{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-54131","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-24T13:02:52.521Z","datePublished":"2025-12-24T13:06:48.227Z","dateUpdated":"2026-05-11T19:56:05.152Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:56:05.152Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rt2x00: Fix memory leak when handling surveys\n\nWhen removing a rt2x00 device, its associated channel surveys\nare not freed, causing a memory leak observable with kmemleak:\n\nunreferenced object 0xffff9620f0881a00 (size 512):\n  comm \"systemd-udevd\", pid 2290, jiffies 4294906974 (age 33.768s)\n  hex dump (first 32 bytes):\n    70 44 12 00 00 00 00 00 92 8a 00 00 00 00 00 00  pD..............\n    00 00 00 00 00 00 00 00 ab 87 01 00 00 00 00 00  ................\n  backtrace:\n    [<ffffffffb0ed858b>] __kmalloc+0x4b/0x130\n    [<ffffffffc1b0f29b>] rt2800_probe_hw+0xc2b/0x1380 [rt2800lib]\n    [<ffffffffc1a9496e>] rt2800usb_probe_hw+0xe/0x60 [rt2800usb]\n    [<ffffffffc1ae491a>] rt2x00lib_probe_dev+0x21a/0x7d0 [rt2x00lib]\n    [<ffffffffc1b3b83e>] rt2x00usb_probe+0x1be/0x980 [rt2x00usb]\n    [<ffffffffc05981e2>] usb_probe_interface+0xe2/0x310 [usbcore]\n    [<ffffffffb13be2d5>] really_probe+0x1a5/0x410\n    [<ffffffffb13be5c8>] __driver_probe_device+0x78/0x180\n    [<ffffffffb13be6fe>] driver_probe_device+0x1e/0x90\n    [<ffffffffb13be972>] __driver_attach+0xd2/0x1c0\n    [<ffffffffb13bbc57>] bus_for_each_dev+0x77/0xd0\n    [<ffffffffb13bd2a2>] bus_add_driver+0x112/0x210\n    [<ffffffffb13bfc6c>] driver_register+0x5c/0x120\n    [<ffffffffc0596ae8>] usb_register_driver+0x88/0x150 [usbcore]\n    [<ffffffffb0c011c4>] do_one_initcall+0x44/0x220\n    [<ffffffffb0d6134c>] do_init_module+0x4c/0x220\n\nFix this by freeing the channel surveys on device removal.\n\nTested with a RT3070 based USB wireless adapter."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/wireless/ralink/rt2x00/rt2x00dev.c"],"versions":[{"version":"5447626910f5b8d964761ed4fa4feaf1a3ac47d0","lessThan":"eb77c0c0a17c53d83b5fe8e46490fb0a7ed9e6af","status":"affected","versionType":"git"},{"version":"5447626910f5b8d964761ed4fa4feaf1a3ac47d0","lessThan":"bea3f8aa999318bdffa2d17753e492f76904f0ce","status":"affected","versionType":"git"},{"version":"5447626910f5b8d964761ed4fa4feaf1a3ac47d0","lessThan":"494064ffd60d044c097d514917c40913d1affbca","status":"affected","versionType":"git"},{"version":"5447626910f5b8d964761ed4fa4feaf1a3ac47d0","lessThan":"0354bce76ed1d775904acdb4cc0bf88c5b9b5b9f","status":"affected","versionType":"git"},{"version":"5447626910f5b8d964761ed4fa4feaf1a3ac47d0","lessThan":"cbef9a83c51dfcb07f77cfa6ac26f53a1ea86f49","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/wireless/ralink/rt2x00/rt2x00dev.c"],"versions":[{"version":"5.11","status":"affected"},{"version":"0","lessThan":"5.11","status":"unaffected","versionType":"semver"},{"version":"5.15.111","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.28","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.2.15","lessThanOrEqual":"6.2.*","status":"unaffected","versionType":"semver"},{"version":"6.3.2","lessThanOrEqual":"6.3.*","status":"unaffected","versionType":"semver"},{"version":"6.4","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.111"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"6.1.28"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"6.2.15"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"6.3.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"6.4"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/eb77c0c0a17c53d83b5fe8e46490fb0a7ed9e6af"},{"url":"https://git.kernel.org/stable/c/bea3f8aa999318bdffa2d17753e492f76904f0ce"},{"url":"https://git.kernel.org/stable/c/494064ffd60d044c097d514917c40913d1affbca"},{"url":"https://git.kernel.org/stable/c/0354bce76ed1d775904acdb4cc0bf88c5b9b5b9f"},{"url":"https://git.kernel.org/stable/c/cbef9a83c51dfcb07f77cfa6ac26f53a1ea86f49"}],"title":"wifi: rt2x00: Fix memory leak when handling surveys","x_generator":{"engine":"bippy-1.2.0"}}}}