CVE-2023-54146: x86/kexec: Fix double-free of elf header buffer
In the Linux kernel, the following vulnerability has been resolved:
x86/kexec: Fix double-free of elf header buffer
After
b3e34a47f989 ("x86/kexec: fix memory leak of elf header buffer"),
freeing image->elf_headers in the error path of crash_load_segments()
is not needed because kimage_file_post_load_cleanup() will take
care of that later. And not clearing it could result in a double-free.
Drop the superfluous vfree() call at the error path of
crash_load_segments().
Security readout for executives and security teams
Plain-English summary
This is a Linux kernel x86 kexec cleanup bug. In a specific error path during crash kernel loading, the kernel may free the same ELF header buffer twice. Double-free bugs can cause instability or memory corruption, but the provided sources do not include CVSS, exploitability details, or active exploitation evidence.
Executive priority
Treat as a kernel maintenance item with uncertain urgency. It deserves tracking and timely patching, especially on critical Linux hosts, but the provided evidence does not support emergency response or confirmed exploitation.
Technical view
The issue is in crash_load_segments() for x86 kexec. After commit b3e34a47f989, image->elf_headers is cleaned up later by kimage_file_post_load_cleanup(). The error path still called vfree() without clearing the pointer, creating a double-free risk. The fix removes that redundant vfree() call.
Likely exposure
Exposure is limited to Linux systems using affected kernel versions with x86 kexec crash loading paths. The source bundle lists Linux kernel references and version indicators, but does not provide distribution package names or complete platform impact details.
Exploitation context
CISA KEV is false in the bundle, and no cited source states active exploitation. The available description identifies a kernel memory-management flaw in an error path, not a confirmed remote attack vector or public exploit.
Researcher notes
The core signal is a double-free of image->elf_headers caused by redundant cleanup in crash_load_segments(). The source bundle lacks CVSS, CWE, trigger prerequisites, and distribution mappings, so validation should stay source- and vendor-advisory-driven.
Mitigation direction
Check Linux vendor advisories for patched kernels containing the referenced stable fixes.
Prioritize systems that use kexec or crash kernel loading on x86.
Update affected kernels through normal distribution maintenance channels.
If patching is delayed, review vendor guidance for operational workarounds.
Validation and detection
Inventory Linux kernel versions across x86 systems.
Compare running kernels against vendor advisories for CVE-2023-54146.
Check whether kexec or crash dump functionality is enabled on critical systems.
Verify deployed kernels include one of the referenced stable fix commits.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2023-54146 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
0CVSS vectors
3Timeline events
0ADP providers
6Source links
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
CVE reservedCVE Program
The CVE ID was reserved by the assigning CNA.
CVE publishedCVE Program
The CVE record was published.
Dec 24, 2025, 13:06 UTC (UTC+00:00)
CVE updatedCVE Program
The CVE record metadata indicates this as the latest update time.