SB2025091907 - Memory leak in Linux kernel scsi snic driver
Published: September 19, 2025 Updated: September 22, 2025
Security Bulletin ID
SB2025091907
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2023-53436)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the snic_tgt_create() function in drivers/scsi/snic/snic_disc.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/41320b18a0e0dfb236dba4edb9be12dba1878156
- https://git.kernel.org/stable/c/461f8ac666fa232afee5ed6420099913ec4e4ba2
- https://git.kernel.org/stable/c/58889d5ad74cbc1c9595db74e13522b58b69b0ec
- https://git.kernel.org/stable/c/7723a5d5d187626c4c640842e522cf4e9e39492e
- https://git.kernel.org/stable/c/789275f7c0544374d40bc8d9c81f96751a41df45
- https://git.kernel.org/stable/c/cea09922f5f75652d55b481ee34011fc7f19868b
- https://git.kernel.org/stable/c/ed0acb1ee2e9322b96611635a9ca9303d15ac76c
- https://git.kernel.org/stable/c/f830968d464f55e11bc9260a132fc77daa266aa3
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.292