{"id":"CVE-2023-53696","summary":"scsi: qla2xxx: Fix memory leak in qla2x00_probe_one()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix memory leak in qla2x00_probe_one()\n\nThere is a memory leak reported by kmemleak:\n\n  unreferenced object 0xffffc900003f0000 (size 12288):\n    comm \"modprobe\", pid 19117, jiffies 4299751452 (age 42490.264s)\n    hex dump (first 32 bytes):\n      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    backtrace:\n      [\u003c00000000629261a8\u003e] __vmalloc_node_range+0xe56/0x1110\n      [\u003c0000000001906886\u003e] __vmalloc_node+0xbd/0x150\n      [\u003c000000005bb4dc34\u003e] vmalloc+0x25/0x30\n      [\u003c00000000a2dc1194\u003e] qla2x00_create_host+0x7a0/0xe30 [qla2xxx]\n      [\u003c0000000062b14b47\u003e] qla2x00_probe_one+0x2eb8/0xd160 [qla2xxx]\n      [\u003c00000000641ccc04\u003e] local_pci_probe+0xeb/0x1a0\n\nThe root cause is traced to an error-handling path in qla2x00_probe_one()\nwhen the adapter \"base_vha\" initialize failed. The fab_scan_rp \"scan.l\" is\nused to record the port information and it is allocated in\nqla2x00_create_host(). However, it is not released in the error handling\npath \"probe_failed\".\n\nFix this by freeing the memory of \"scan.l\" when an error occurs in the\nadapter initialization process.","modified":"2026-03-20T12:33:17.977360Z","published":"2025-10-22T13:23:37.110Z","related":["SUSE-SU-2025:4111-1","SUSE-SU-2025:4139-1","SUSE-SU-2025:4149-1","SUSE-SU-2025:4189-1","SUSE-SU-2025:4320-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53696.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/44374911ac63f769c442f56fdfadea673c5f4425"},{"type":"WEB","url":"https://git.kernel.org/stable/c/582e35e97318ccd9c81774bac08938291679525f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/85ade4010e13ef152ea925c74d94253db92e5428"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ae73c4dd48f2c79d515d509a0cbe9efb0a197f44"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53696.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53696"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"a4239945b8ad112fb914d0605c8f6c5fd3330f61"},{"fixed":"ae73c4dd48f2c79d515d509a0cbe9efb0a197f44"},{"fixed":"44374911ac63f769c442f56fdfadea673c5f4425"},{"fixed":"582e35e97318ccd9c81774bac08938291679525f"},{"fixed":"85ade4010e13ef152ea925c74d94253db92e5428"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53696.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.16.0"},{"fixed":"5.15.107"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.24"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.2.11"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53696.json"}}],"schema_version":"1.7.5"}