CVE-2023-54055 in Linuxinfo

Summary

by MITRE • 12/24/2025

In the Linux kernel, the following vulnerability has been resolved:

RDMA/irdma: Fix memory leak of PBLE objects

On rmmod of irdma, the PBLE object memory is not being freed. PBLE object memory are not statically pre-allocated at function initialization time unlike other HMC objects. PBLEs objects and the Segment Descriptors (SD) for it can be dynamically allocated during scale up and SD's remain allocated till function deinitialization.

Fix this leak by adding IRDMA_HMC_IW_PBLE to the iw_hmc_obj_types[] table
and skip pbles in irdma_create_hmc_obj but not in irdma_del_hmc_objects().

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 12/30/2025

The vulnerability CVE-2023-54055 represents a memory leak issue within the Linux kernel's RDMA implementation, specifically affecting the irdma driver component. This flaw occurs during the removal of the irdma kernel module through the rmmod command, where PBLE (Protection Block List Entry) objects fail to be properly deallocated from memory. The issue stems from the unique allocation pattern of PBLE objects compared to other Hardware Memory Controller (HMC) objects within the driver architecture. Unlike statically pre-allocated HMC objects that are initialized at function startup, PBLE objects are dynamically allocated during system scaling operations and maintain their allocation status until the module's deinitialization phase.

The technical root cause lies in the improper handling of PBLE object lifecycle management within the HMC subsystem. The irdma driver maintains a table of HMC object types through the iw_hmc_obj_types[] array, but PBLE objects were missing from this critical registry. This omission prevents the proper cleanup routine from recognizing and processing PBLE objects during module termination. The fix addresses this by explicitly adding IRDMA_HMC_IW_PBLE to the iw_hmc_obj_types[] table, ensuring that PBLE objects are properly tracked and managed throughout their lifecycle. Additionally, the implementation modifies the irdma_create_hmc_obj function to skip PBLE processing while maintaining proper handling in irdma_del_hmc_objects(), creating a balanced approach to object management during both creation and destruction phases.

The operational impact of this memory leak can be significant in environments where the irdma driver is frequently loaded and unloaded, particularly in high-performance computing and data center scenarios where RDMA operations are common. Memory fragmentation and gradual resource exhaustion can occur over time, potentially leading to system instability, reduced performance, or even system crashes in severe cases. The vulnerability aligns with CWE-401, which specifically addresses memory leaks in software systems, and represents a classic case of improper resource management in kernel-space code. From an ATT&CK perspective, this vulnerability could be leveraged by adversaries to perform resource exhaustion attacks or potentially contribute to privilege escalation scenarios if exploited in conjunction with other vulnerabilities. The fix ensures proper memory management practices are maintained throughout the HMC object lifecycle, preventing the accumulation of unreleased memory segments that could impact system reliability and performance. This remediation directly addresses the principles of secure memory management as outlined in industry best practices for kernel development and system security.

Responsible

Linux

Reservation

12/24/2025

Disclosure

12/24/2025

Moderation

accepted

CPE

ready

EPSS

0.00206

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!