CVE-2023-53120
📋 TL;DR
This CVE describes a memory leak vulnerability in the Linux kernel's mpi3mr SCSI driver where DMA-allocated configuration pages are not properly freed when a device is released. This affects systems using the mpi3mr driver with Broadcom SAS/SATA/NVMe controllers. The vulnerability can lead to resource exhaustion and system instability.
💻 Affected Systems
- Linux kernel with mpi3mr driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
System crash or kernel panic due to DMA memory exhaustion, potentially causing data loss or service disruption.
Likely Case
Gradual memory leak leading to system performance degradation over time, requiring reboots to restore normal operation.
If Mitigated
Minor performance impact with no data loss if detected early and systems are monitored.
🎯 Exploit Status
This is a resource leak vulnerability, not directly exploitable for code execution. Requires driver interaction through legitimate operations.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 5fc4d698ed4b6507be2eb36d040a678adcb89da4, 7d2b02172b6a2ae6aecd7ef6480b9c4bf3dc59f4, or dca06ccf13de14e144d34f158f73ae0032f80e63
Vendor Advisory: https://git.kernel.org/stable/c/5fc4d698ed4b6507be2eb36d040a678adcb89da4
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. Reboot system to load patched kernel.
3. Verify driver is functioning correctly after reboot.
🔧 Temporary Workarounds
Unload mpi3mr driver
Linux: Remove the vulnerable driver if not needed
sudo rmmod mpi3mr
Blacklist driver
Linux: Prevent driver from loading on boot
echo 'blacklist mpi3mr' | sudo tee /etc/modprobe.d/blacklist-mpi3mr.conf
🧯 If You Can't Patch
- Monitor system memory usage and kernel logs for DMA allocation warnings
- Schedule regular reboots to clear accumulated memory leaks
🔍 How to Verify
Check if Vulnerable:
Check if mpi3mr driver is loaded: lsmod | grep mpi3mr. Check kernel version against patched versions.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commits. Monitor dmesg for absence of 'DMA-API: device driver has pending DMA allocations' messages.
📡 Detection & Monitoring
Log Indicators:
- Kernel logs showing 'DMA-API: device driver has pending DMA allocations while released from device'
- Increasing memory usage without clear cause
Network Indicators:
- None - this is a local driver issue
SIEM Query:
source="kernel" AND "DMA-API: device driver has pending DMA allocations"
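The log indicator above can be turned into a per-device summary. The script below is an added example, not part of the advisory or the kernel project. The sample log lines and PCI addresses are constructed, and the `<driver> <device>:` text between `DMA-API:` and the message, like the trailing `[count=N]`, is an assumption about the warning's format that the matcher treats as optional.

```shell
#!/bin/sh
# Added example (not from the advisory): summarize DMA leak warnings per device.
# Assumption: the kernel may put "<driver> <device>:" between "DMA-API:" and the
# message and may append "[count=N]"; both are optional for this matcher.

# Constructed sample kernel log lines (addresses and timestamps are made up).
sample_log() {
    cat <<'EOF'
[  512.101] EXT4-fs (sda1): mounted filesystem
[  512.204] DMA-API: mpi3mr 0000:83:00.0: device driver has pending DMA allocations while released from device [count=1]
[  901.007] DMA-API: mpi3mr 0000:83:00.0: device driver has pending DMA allocations while released from device [count=3]
[  901.650] DMA-API: mpi3mr 0000:84:00.0: device driver has pending DMA allocations while released from device [count=2]
[  902.000] DMA-API: device driver has pending DMA allocations while released from device
[  903.000] usb 1-1: new high-speed USB device
EOF
}

# Reads log text on stdin; prints "<device> events=<n> max_count=<n>" per device.
summarize_dma_leaks() {
    awk '
    /DMA-API:.*device driver has pending DMA allocations while released from device/ {
        dev = "unknown"; cnt = 0
        s = $0
        sub(/^.*DMA-API: */, "", s)
        # Text before ": device driver" names the driver and device, if present.
        i = index(s, ": device driver has pending")
        if (i > 1) dev = substr(s, 1, i - 1)
        # Leaked-allocation count, when the line carries one.
        if (match($0, /\[count=[0-9]+\]/))
            cnt = substr($0, RSTART + 7, RLENGTH - 8) + 0
        events[dev]++
        if (cnt > max[dev]) max[dev] = cnt
    }
    END {
        for (d in events)
            printf "%s events=%d max_count=%d\n", d, events[d], max[d]
    }' | LC_ALL=C sort
}

# Stand-alone run on the constructed sample.
sample_log | summarize_dma_leaks
```

On a live host, pipe `dmesg` or `journalctl -k` output into `summarize_dma_leaks`. These warnings come from the kernel's DMA API debugging (`CONFIG_DMA_API_DEBUG`), so an empty result on a kernel built without that option says nothing about the leak.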