cvelistv5 - cve-2023-54061

CVE-2023-54061 (GCVE-0-2023-54061)

Vulnerability from cvelistv5

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Show details on NVD website

{
  "containers": {
    "cna": {
      "providerMetadata": {
        "dateUpdated": "2025-12-29T14:55:54.287Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "rejectedReasons": [
        {
          "lang": "en",
          "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-54061",
    "datePublished": "2025-12-24T12:23:07.954Z",
    "dateRejected": "2025-12-29T14:55:54.287Z",
    "dateReserved": "2025-12-24T12:21:05.091Z",
    "dateUpdated": "2025-12-29T14:55:54.287Z",
    "state": "REJECTED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-54061\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-24T13:16:07.890\",\"lastModified\":\"2025-12-29T15:15:51.483\",\"vulnStatus\":\"Rejected\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.\"}],\"metrics\":{},\"references\":[]}}"
  }
}

ghsa-pc2m-8vj8-3gp4

Vulnerability from github

Published

2025-12-24 15:30

Modified

2025-12-24 15:30

Details

In the Linux kernel, the following vulnerability has been resolved:

x86: fix clear_user_rep_good() exception handling annotation

This code no longer exists in mainline, because it was removed in commit d2c95f9d6802 ("x86: don't use REP_GOOD or ERMS for user memory clearing") upstream.

However, rather than backport the full range of x86 memory clearing and copying cleanups, fix the exception table annotation placement for the final 'rep movsb' in clear_user_rep_good(): rather than pointing at the actual instruction that did the user space access, it pointed to the register move just before it.

That made sense from a code flow standpoint, but not from an actual usage standpoint: it means that if user access takes an exception, the exception handler won't actually find the instruction in the exception tables.

As a result, rather than fixing it up and returning -EFAULT, it would then turn it into a kernel oops report instead, something like:

BUG: unable to handle page fault for address: 0000000020081000
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
...
RIP: 0010:clear_user_rep_good+0x1c/0x30 arch/x86/lib/clear_page_64.S:147
...
Call Trace:
  __clear_user arch/x86/include/asm/uaccess_64.h:103 [inline]
  clear_user arch/x86/include/asm/uaccess_64.h:124 [inline]
  iov_iter_zero+0x709/0x1290 lib/iov_iter.c:800
  iomap_dio_hole_iter fs/iomap/direct-io.c:389 [inline]
  iomap_dio_iter fs/iomap/direct-io.c:440 [inline]
  __iomap_dio_rw+0xe3d/0x1cd0 fs/iomap/direct-io.c:601
  iomap_dio_rw+0x40/0xa0 fs/iomap/direct-io.c:689
  ext4_dio_read_iter fs/ext4/file.c:94 [inline]
  ext4_file_read_iter+0x4be/0x690 fs/ext4/file.c:145
  call_read_iter include/linux/fs.h:2183 [inline]
  do_iter_readv_writev+0x2e0/0x3b0 fs/read_write.c:733
  do_iter_read+0x2f2/0x750 fs/read_write.c:796
  vfs_readv+0xe5/0x150 fs/read_write.c:916
  do_preadv+0x1b6/0x270 fs/read_write.c:1008
  __do_sys_preadv2 fs/read_write.c:1070 [inline]
  __se_sys_preadv2 fs/read_write.c:1061 [inline]
  __x64_sys_preadv2+0xef/0x150 fs/read_write.c:1061
  do_syscall_x64 arch/x86/entry/common.c:50 [inline]
  do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
  entry_SYSCALL_64_after_hwframe+0x63/0xcd

which then looks like a filesystem bug rather than the incorrect exception annotation that it is.

[ The alternative to this one-liner fix is to take the upstream series that cleans this all up:

68674f94ffc9 ("x86: don't use REP_GOOD or ERMS for small memory copies")
20f3337d350c ("x86: don't use REP_GOOD or ERMS for small memory clearing")
adfcf4231b8c ("x86: don't use REP_GOOD or ERMS for user memory copies")

d2c95f9d6802 ("x86: don't use REP_GOOD or ERMS for user memory clearing") 3639a535587d ("x86: move stac/clac from user copy routines into callers") 577e6a7fd50d ("x86: inline the 'rep movs' in user copies for the FSRM case") 8c9b6a88b7e2 ("x86: improve on the non-rep 'clear_user' function") 427fda2c8a49 ("x86: improve on the non-rep 'copy_user' function")
e046fe5a36a9 ("x86: set FSRS automatically on AMD CPUs that have FSRM") e1f2750edc4a ("x86: remove 'zerorest' argument from __copy_user_nocache()") 034ff37d3407 ("x86: rewrite '__copy_user_nocache' function")

with either the whole series or at a minimum the two marked commits being needed to fix this issue ]

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-54061"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-24T13:16:07Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86: fix clear_user_rep_good() exception handling annotation\n\nThis code no longer exists in mainline, because it was removed in\ncommit d2c95f9d6802 (\"x86: don\u0027t use REP_GOOD or ERMS for user memory\nclearing\") upstream.\n\nHowever, rather than backport the full range of x86 memory clearing and\ncopying cleanups, fix the exception table annotation placement for the\nfinal \u0027rep movsb\u0027 in clear_user_rep_good(): rather than pointing at the\nactual instruction that did the user space access, it pointed to the\nregister move just before it.\n\nThat made sense from a code flow standpoint, but not from an actual\nusage standpoint: it means that if user access takes an exception, the\nexception handler won\u0027t actually find the instruction in the exception\ntables.\n\nAs a result, rather than fixing it up and returning -EFAULT, it would\nthen turn it into a kernel oops report instead, something like:\n\n    BUG: unable to handle page fault for address: 0000000020081000\n    #PF: supervisor write access in kernel mode\n    #PF: error_code(0x0002) - not-present page\n    ...\n    RIP: 0010:clear_user_rep_good+0x1c/0x30 arch/x86/lib/clear_page_64.S:147\n    ...\n    Call Trace:\n      __clear_user arch/x86/include/asm/uaccess_64.h:103 [inline]\n      clear_user arch/x86/include/asm/uaccess_64.h:124 [inline]\n      iov_iter_zero+0x709/0x1290 lib/iov_iter.c:800\n      iomap_dio_hole_iter fs/iomap/direct-io.c:389 [inline]\n      iomap_dio_iter fs/iomap/direct-io.c:440 [inline]\n      __iomap_dio_rw+0xe3d/0x1cd0 fs/iomap/direct-io.c:601\n      iomap_dio_rw+0x40/0xa0 fs/iomap/direct-io.c:689\n      ext4_dio_read_iter fs/ext4/file.c:94 [inline]\n      ext4_file_read_iter+0x4be/0x690 fs/ext4/file.c:145\n      call_read_iter include/linux/fs.h:2183 [inline]\n      do_iter_readv_writev+0x2e0/0x3b0 fs/read_write.c:733\n      do_iter_read+0x2f2/0x750 fs/read_write.c:796\n      vfs_readv+0xe5/0x150 fs/read_write.c:916\n      do_preadv+0x1b6/0x270 fs/read_write.c:1008\n      __do_sys_preadv2 fs/read_write.c:1070 [inline]\n      __se_sys_preadv2 fs/read_write.c:1061 [inline]\n      __x64_sys_preadv2+0xef/0x150 fs/read_write.c:1061\n      do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n      do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80\n      entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nwhich then looks like a filesystem bug rather than the incorrect\nexception annotation that it is.\n\n[ The alternative to this one-liner fix is to take the upstream series\n  that cleans this all up:\n\n    68674f94ffc9 (\"x86: don\u0027t use REP_GOOD or ERMS for small memory copies\")\n    20f3337d350c (\"x86: don\u0027t use REP_GOOD or ERMS for small memory clearing\")\n    adfcf4231b8c (\"x86: don\u0027t use REP_GOOD or ERMS for user memory copies\")\n  * d2c95f9d6802 (\"x86: don\u0027t use REP_GOOD or ERMS for user memory clearing\")\n    3639a535587d (\"x86: move stac/clac from user copy routines into callers\")\n    577e6a7fd50d (\"x86: inline the \u0027rep movs\u0027 in user copies for the FSRM case\")\n    8c9b6a88b7e2 (\"x86: improve on the non-rep \u0027clear_user\u0027 function\")\n    427fda2c8a49 (\"x86: improve on the non-rep \u0027copy_user\u0027 function\")\n  * e046fe5a36a9 (\"x86: set FSRS automatically on AMD CPUs that have FSRM\")\n    e1f2750edc4a (\"x86: remove \u0027zerorest\u0027 argument from __copy_user_nocache()\")\n    034ff37d3407 (\"x86: rewrite \u0027__copy_user_nocache\u0027 function\")\n\n  with either the whole series or at a minimum the two marked commits\n  being needed to fix this issue ]",
  "id": "GHSA-pc2m-8vj8-3gp4",
  "modified": "2025-12-24T15:30:36Z",
  "published": "2025-12-24T15:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-54061"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b805d212c394f291f116b12c53401e7ba0c4d408"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2023-54061

Vulnerability from fkie_nvd

Published

2025-12-24 13:16

Modified

2025-12-29 15:15

Severity ?

Summary

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

References

	URL	Tags

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
    }
  ],
  "id": "CVE-2023-54061",
  "lastModified": "2025-12-29T15:15:51.483",
  "metrics": {},
  "published": "2025-12-24T13:16:07.890",
  "references": [],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Rejected"
}

msrc_cve-2023-54061

Vulnerability from csaf_microsoft

Published

2025-12-02 00:00

Modified

2025-12-26 14:38

Summary

x86: fix clear_user_rep_good() exception handling annotation

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2023-54061 x86: fix clear_user_rep_good() exception handling annotation - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2023-54061.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "x86: fix clear_user_rep_good() exception handling annotation",
    "tracking": {
      "current_release_date": "2025-12-26T14:38:55.000Z",
      "generator": {
        "date": "2025-12-26T20:23:23.524Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2023-54061",
      "initial_release_date": "2025-12-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-12-25T01:06:07.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2025-12-26T14:38:55.000Z",
          "legacy_version": "2",
          "number": "2",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "azl3 kernel 6.6.117.1-1",
                "product": {
                  "name": "azl3 kernel 6.6.117.1-1",
                  "product_id": "1"
                }
              }
            ],
            "category": "product_name",
            "name": "kernel"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 kernel 6.6.117.1-1 as a component of Azure Linux 3.0",
          "product_id": "17084-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17084"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-54061",
      "notes": [
        {
          "category": "general",
          "text": "Linux",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "known_affected": [
          "17084-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-54061 x86: fix clear_user_rep_good() exception handling annotation - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2023-54061.json"
        }
      ],
      "remediations": [
        {
          "category": "none_available",
          "date": "2025-12-25T01:06:07.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17084-1"
          ]
        }
      ],
      "title": "x86: fix clear_user_rep_good() exception handling annotation"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2023-54061 (GCVE-0-2023-54061)

Vulnerability from cvelistv5

ghsa-pc2m-8vj8-3gp4

Vulnerability from github

fkie_cve-2023-54061

Vulnerability from fkie_nvd

msrc_cve-2023-54061

Vulnerability from csaf_microsoft

Tags

Sightings

Nomenclature