CVE-2023-54064 in Linux
Summary
by MITRE • 12/24/2025
In the Linux kernel, the following vulnerability has been resolved:
ipmi:ssif: Fix a memory leak when scanning for an adapter
The adapter scan ssif_info_find() sets info->adapter_name if the adapter info came from SMBIOS, as it's not set in that case. However, this function can be called more than once, and it will leak the adapter name if it had already been set. So check for NULL before setting it.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 12/30/2025
The vulnerability identified as CVE-2023-54064 represents a memory leak condition within the Linux kernel's IPMI subsystem, specifically affecting the ssif driver implementation. This issue occurs during the adapter scanning process where the system attempts to identify and configure IPMI hardware interfaces. The problem manifests in the ssif_info_find() function which is responsible for discovering and initializing IPMI adapters through the SMBIOS interface. When the kernel performs adapter enumeration, it must determine whether adapter information originates from SMBIOS data or requires alternative sourcing methods.
The technical flaw stems from improper memory management within the ssif_info_find() function where the adapter_name field is conditionally assigned based on the source of adapter information. When adapter data comes from SMBIOS, the adapter_name field remains unset initially. However, during subsequent calls to the same function, if the adapter_name has already been populated from a previous scan, the code fails to check for existing values before overwriting them. This results in the original memory allocation for adapter_name being lost without proper deallocation, creating a memory leak that accumulates over time as the system continues to scan for adapters. The vulnerability is classified as a memory leak under CWE-401 and represents a classic case of improper resource management in kernel space.
The operational impact of this memory leak can be significant in environments where IPMI adapter scanning occurs frequently or where systems maintain long uptime periods. As the memory leak accumulates, it can lead to gradual memory exhaustion which may result in system instability, reduced performance, or even system crashes in extreme cases. The vulnerability affects systems running Linux kernels that implement the IPMI subsystem with SSIF (Server Management Interface Forum) drivers, particularly those that perform regular adapter discovery operations. This type of vulnerability is particularly concerning in server environments where IPMI functionality is critical for remote management and monitoring operations. The issue aligns with ATT&CK technique T1070.004 which covers the use of system resource exhaustion to cause system instability.
Mitigation strategies for CVE-2023-54064 involve applying the official kernel patch that implements proper null checking before assigning adapter_name values during multiple function calls. System administrators should prioritize updating their Linux kernel versions to include the fix, particularly in production environments where IPMI functionality is actively used. The patch ensures that the ssif_info_find() function performs a null check before setting the adapter_name field, preventing the overwrite of existing memory allocations. Organizations should also consider implementing monitoring for memory usage patterns that might indicate resource exhaustion symptoms. Regular kernel updates and vulnerability assessments should be part of the security maintenance routine to prevent similar issues from accumulating in the system. The fix addresses the root cause by ensuring proper memory lifecycle management within the kernel's IPMI subsystem, aligning with security best practices for kernel space memory management and preventing potential escalation to more serious system stability issues.