What is CVE-2023-54131?

CVE-2023-54131 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 5.11 onward and patched in 5.15.111, 6.1.28, 6.2.15 and others. CVE-2023-54131 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2023-54131?

CVE-2023-54131 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2023-54131?

Yes, CVE-2023-54131 has been patched. Fixed versions include 5.15.111, 6.1.28, 6.2.15 and others. If you are running Linux kernel 5.11 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2023-54131 actively exploited?

CVE-2023-54131 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2023-54131

In the Linux kernel, the following vulnerability has been resolved: wifi: rt2x00: Fix memory leak when handling surveys When removing a rt2x00 device, its associated channel surveys are not freed, causing a memory leak observable with kmemleak: unreferenced object 0xffff9620f0881a00 (size 512): comm "systemd-udevd", pid 2290, jiffies 4294906974 (age 33.768s) hex dump (first 32 bytes): 70 44 12 00 00 00 00 00 92 8a 00 00 00 00 00 00 pD.............. 00 00 00 00 00 00 00 00 ab 87 01 00 00 00 00 00 ................ backtrace: [<ffffffffb0ed858b>] __kmalloc+0x4b/0x130 [<ffffffffc1b0f29b>] rt2800_probe_hw+0xc2b/0x1380 [rt2800lib] [<ffffffffc1a9496e>] rt2800usb_probe_hw+0xe/0x60 [rt2800usb] [<ffffffffc1ae491a>] rt2x00lib_probe_dev+0x21a/0x7d0 [rt2x00lib] [<ffffffffc1b3b83e>] rt2x00usb_probe+0x1be/0x980 [rt2x00usb] [<ffffffffc05981e2>] usb_probe_interface+0xe2/0x310 [usbcore] [<ffffffffb13be2d5>] really_probe+0x1a5/0x410 [<ffffffffb13be5c8>] __driver_probe_device+0x78/0x180 [<ffffffffb13be6fe>] driver_probe_device+0x1e/0x90 [<ffffffffb13be972>] __driver_attach+0xd2/0x1c0 [<ffffffffb13bbc57>] bus_for_each_dev+0x77/0xd0 [<ffffffffb13bd2a2>] bus_add_driver+0x112/0x210 [<ffffffffb13bfc6c>] driver_register+0x5c/0x120 [<ffffffffc0596ae8>] usb_register_driver+0x88/0x150 [usbcore] [<ffffffffb0c011c4>] do_one_initcall+0x44/0x220 [<ffffffffb0d6134c>] do_init_module+0x4c/0x220 Fix this by freeing the channel surveys on device removal. Tested with a RT3070 based USB wireless adapter.

Package Linux Kernel

Published 2025-12-24

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 5.11 and later are affected. Fixed in 5.15.111, 6.1.28, 6.2.15, 6.3.2, 6.4 and their respective stable series.

Affected from

≥ 5.11

Fixed in

✓ 5.15.111 5.15.x ✓ 6.1.28 6.1.x ✓ 6.2.15 6.2.x ✓ 6.3.2 6.3.x ✓ 6.4

References

The following references provide additional information about CVE-2023-54131 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/0354bce76ed1d775904acdb4cc0bf88c5b9b5b9f
Patch
Kernel patch commit
https://git.kernel.org/stable/c/494064ffd60d044c097d514917c40913d1affbca
Patch
Kernel patch commit
https://git.kernel.org/stable/c/bea3f8aa999318bdffa2d17753e492f76904f0ce
Patch

5 patch commits total View all on NVD

Frequently asked questions

What is CVE-2023-54131?

CVE-2023-54131 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 5.11 onward and has been patched in 5.15.111, 6.1.28, 6.2.15 and others. CVE-2023-54131 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2023-54131?

Yes — CVE-2023-54131 has been patched. Fixed versions include 5.15.111, 6.1.28, 6.2.15 and others. If you are running Linux kernel 5.11 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2023-54131 actively exploited?

No — CVE-2023-54131 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.