CVE-2023-53174
📋 TL;DR
This CVE describes a memory leak vulnerability in the Linux kernel's SCSI subsystem. If device_add() fails during SCSI device initialization, the allocated device name isn't properly freed, leading to kernel memory exhaustion over time. This affects all Linux systems using SCSI storage devices.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Repeated exploitation could exhaust kernel memory, causing system instability, crashes, or denial of service through kernel panic.
Likely Case
Memory leak gradually consumes kernel resources, potentially leading to performance degradation or system instability over extended periods.
If Mitigated
With proper monitoring and memory limits, impact is limited to potential performance issues rather than complete system failure.
🎯 Exploit Status
Requires ability to trigger SCSI device addition failures, which typically needs local access or specific hardware manipulation
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel versions with commits: 04b5b5cb0136ce970333a9c6cec7e46adba1ea3a, 06c5340858011aa1195aec43a776e3185fbf7f56, 43c0e16d0c5ec59398b405f4c4aa5a076e656c3f, 63956ad27a6882f01fea7c69e17823090f4c7b3f, 6bc7f4c8c27d526f968788b8a985896755b1df35
Vendor Advisory: https://git.kernel.org/stable/c/
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel. 3. Verify kernel version matches patched release.
🔧 Temporary Workarounds
Disable SCSI device hotplug
LinuxPrevent new SCSI devices from being added dynamically to avoid triggering the vulnerability
echo 'blacklist scsi' > /etc/modprobe.d/disable-scsi.conf
update-initramfs -u
🧯 If You Can't Patch
- Monitor kernel memory usage closely for unusual increases
- Restrict physical access to SCSI ports and prevent unauthorized device connections
🔍 How to Verify
Check if Vulnerable:
Check kernel version against distribution security advisories; examine dmesg for repeated SCSI device addition failuresCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes one of the fix commits; monitor for memory leaks after SCSI device operations📡 Detection & Monitoring
Log Indicators:
- Kernel logs showing repeated SCSI device addition failures
- Increasing kernel memory usage without corresponding device activity
Network Indicators:
- None - this is a local kernel vulnerability
SIEM Query:
source="kernel" AND ("device_add failed" OR "SCSI" AND "error")🔗 References
- https://git.kernel.org/stable/c/04b5b5cb0136ce970333a9c6cec7e46adba1ea3a
- https://git.kernel.org/stable/c/06c5340858011aa1195aec43a776e3185fbf7f56
- https://git.kernel.org/stable/c/43c0e16d0c5ec59398b405f4c4aa5a076e656c3f
- https://git.kernel.org/stable/c/63956ad27a6882f01fea7c69e17823090f4c7b3f
- https://git.kernel.org/stable/c/6bc7f4c8c27d526f968788b8a985896755b1df35
- https://git.kernel.org/stable/c/aa9a76d5ffdecd3b52ac333eb89361b0c9fe04e8
- https://git.kernel.org/stable/c/b191ff1f075c4875f11271cbf0093e6e044a12aa
- https://git.kernel.org/stable/c/e12fac07f61caac9c5b186d827658b3470787619
