CVE-2023-54036

wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU The wifi + bluetooth combo chip RTL8723BU can leak memory (especially?)
when it's connected to a bluetooth audio device. The busy bluetooth
traffic generates lots of C2H (card to host) messages, which are not
freed correctly. To fix this, move the dev_kfree_skb() call in rtl8xxxu_c2hcmd_callback()
inside the loop where skb_dequeue() is called. The RTL8192EU leaks memory because the C2H messages are added to the
queue and left there forever. (This was fine in the past because it
probably wasn't sending any C2H messages until commit e542e66b7c2e
("wifi: rtl8xxxu: gen2: Turn on the rate control"). Since that commit
it sends a C2H message when the TX rate changes.) To fix this, delete the check for rf_paths > 1 and the goto. Let the
function process the C2H messages from RTL8192EU like the ones from
the other chips. Theoretically the RTL8188FU could also leak like RTL8723BU, but it
most likely doesn't send C2H messages frequently enough. This change was tested with RTL8723BU by Erhard F. I tested it with
RTL8188FU and RTL8192EU.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-12-24 CVE Reserved
2025-12-24 CVE Published
2025-12-24 CVE Updated
2025-12-24 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (6)

URL	Tag	Source
https://git.kernel.org/stable/c/e542e66b7c2ee2adeefdbb7f259f2f60cadf2819	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/430f9f9bec53a75f9ccc53e156a66f13fc098b83	2023-03-11
https://git.kernel.org/stable/c/35fb0e275af1aa1ca0a9784417e90f988aaf8e78	2023-03-10
https://git.kernel.org/stable/c/93c3f34ec02fc81188d328287d4fddd498ccddea	2023-03-10
https://git.kernel.org/stable/c/f39a86b4efd270947ee252cc32a30b0aef492d65	2023-03-10
https://git.kernel.org/stable/c/b39f662ce1648db0b9de32e6a849b098480793cb	2023-01-16

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5 < 5.10.173 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 5.10.173"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5 < 5.15.99 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 5.15.99"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5 < 6.1.16 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 6.1.16"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5 < 6.2.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 6.2.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5 < 6.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 6.3"		en		Affected