LiveActive security incident?Get immediate response
CVE Record

CVE-2023-54146: x86/kexec: Fix double-free of elf header buffer

In the Linux kernel, the following vulnerability has been resolved: x86/kexec: Fix double-free of elf header buffer After b3e34a47f989 ("x86/kexec: fix memory leak of elf header buffer"), freeing image->elf_headers in the error path of crash_load_segments() is not needed because kimage_file_post_load_cleanup() will take care of that later. And not clearing it could result in a double-free. Drop the superfluous vfree() call at the error path of crash_load_segments().

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

This is a Linux kernel x86 kexec cleanup bug. In a specific error path during crash kernel loading, the kernel may free the same ELF header buffer twice. Double-free bugs can cause instability or memory corruption, but the provided sources do not include CVSS, exploitability details, or active exploitation evidence.

Executive priority

Treat as a kernel maintenance item with uncertain urgency. It deserves tracking and timely patching, especially on critical Linux hosts, but the provided evidence does not support emergency response or confirmed exploitation.

Technical view

The issue is in crash_load_segments() for x86 kexec. After commit b3e34a47f989, image->elf_headers is cleaned up later by kimage_file_post_load_cleanup(). The error path still called vfree() without clearing the pointer, creating a double-free risk. The fix removes that redundant vfree() call.

Likely exposure

Exposure is limited to Linux systems using affected kernel versions with x86 kexec crash loading paths. The source bundle lists Linux kernel references and version indicators, but does not provide distribution package names or complete platform impact details.

Exploitation context

CISA KEV is false in the bundle, and no cited source states active exploitation. The available description identifies a kernel memory-management flaw in an error path, not a confirmed remote attack vector or public exploit.

Researcher notes

The core signal is a double-free of image->elf_headers caused by redundant cleanup in crash_load_segments(). The source bundle lacks CVSS, CWE, trigger prerequisites, and distribution mappings, so validation should stay source- and vendor-advisory-driven.

Mitigation direction

  • Check Linux vendor advisories for patched kernels containing the referenced stable fixes.
  • Prioritize systems that use kexec or crash kernel loading on x86.
  • Update affected kernels through normal distribution maintenance channels.
  • If patching is delayed, review vendor guidance for operational workarounds.

Validation and detection

  • Inventory Linux kernel versions across x86 systems.
  • Compare running kernels against vendor advisories for CVE-2023-54146.
  • Check whether kexec or crash dump functionality is enabled on critical systems.
  • Verify deployed kernels include one of the referenced stable fix commits.
Prepared
Confidence
medium
Sources
7

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2023-54146 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
0ADP providers
6Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux23cf39dccf7653650701a6f39b119e9116a27f1a, 8765a423a87d74ef24ea02b43b2728fe4039f248, b3e34a47f98974d0844444c5121aaff123004e57, b3e34a47f98974d0844444c5121aaff123004e57, b3e34a47f98974d0844444c5121aaff123004e57, 115ee42a4c2f26ba2b4ace2668a3f004621f6833, f675e3a9189d84a9324ab45b0cb19906c2bc8fcb, 5.15.46, 5.17.14, 5.18.3unaffected
LinuxLinux5.19, 0, 5.15.87, 6.0.19, 6.1.5, 6.2affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.