CVE-2023-54194 (GCVE-0-2023-54194)
Vulnerability from cvelistv5
Published
2025-12-30 12:09
Modified
2025-12-30 12:09
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree The call stack shown below is a scenario in the Linux 4.19 kernel. Allocating memory failed where exfat fs use kmalloc_array due to system memory fragmentation, while the u-disk was inserted without recognition. Devices such as u-disk using the exfat file system are pluggable and may be insert into the system at any time. However, long-term running systems cannot guarantee the continuity of physical memory. Therefore, it's necessary to address this issue. Binder:2632_6: page allocation failure: order:4, mode:0x6040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null) Call trace: [242178.097582] dump_backtrace+0x0/0x4 [242178.097589] dump_stack+0xf4/0x134 [242178.097598] warn_alloc+0xd8/0x144 [242178.097603] __alloc_pages_nodemask+0x1364/0x1384 [242178.097608] kmalloc_order+0x2c/0x510 [242178.097612] kmalloc_order_trace+0x40/0x16c [242178.097618] __kmalloc+0x360/0x408 [242178.097624] load_alloc_bitmap+0x160/0x284 [242178.097628] exfat_fill_super+0xa3c/0xe7c [242178.097635] mount_bdev+0x2e8/0x3a0 [242178.097638] exfat_fs_mount+0x40/0x50 [242178.097643] mount_fs+0x138/0x2e8 [242178.097649] vfs_kern_mount+0x90/0x270 [242178.097655] do_mount+0x798/0x173c [242178.097659] ksys_mount+0x114/0x1ac [242178.097665] __arm64_sys_mount+0x24/0x34 [242178.097671] el0_svc_common+0xb8/0x1b8 [242178.097676] el0_svc_handler+0x74/0x90 [242178.097681] el0_svc+0x8/0x340 By analyzing the exfat code,we found that continuous physical memory is not required here,so kvmalloc_array is used can solve this problem.
References
Impacted products
Vendor Product Version
Linux Linux Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/exfat/balloc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "79d16a84ea41272dfcb0c00f9798ddd0edd8098d",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "8a34a242cf03211cc89f68308d149b793f63c479",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "1427a7e96fb90d0896f74f5bcd21feb03cc7c3d0",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "0c5c3e8a2550b6b2a304b45f260296db9c09df96",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "daf60d6cca26e50d65dac374db92e58de745ad26",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/exfat/balloc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.190",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.126",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.45",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.190",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.126",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.45",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree\n\nThe call stack shown below is a scenario in the Linux 4.19 kernel.\nAllocating memory failed where exfat fs use kmalloc_array due to\nsystem memory fragmentation, while the u-disk was inserted without\nrecognition.\nDevices such as u-disk using the exfat file system are pluggable and\nmay be insert into the system at any time.\nHowever, long-term running systems cannot guarantee the continuity of\nphysical memory. Therefore, it\u0027s necessary to address this issue.\n\nBinder:2632_6: page allocation failure: order:4,\n mode:0x6040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null)\nCall trace:\n[242178.097582]  dump_backtrace+0x0/0x4\n[242178.097589]  dump_stack+0xf4/0x134\n[242178.097598]  warn_alloc+0xd8/0x144\n[242178.097603]  __alloc_pages_nodemask+0x1364/0x1384\n[242178.097608]  kmalloc_order+0x2c/0x510\n[242178.097612]  kmalloc_order_trace+0x40/0x16c\n[242178.097618]  __kmalloc+0x360/0x408\n[242178.097624]  load_alloc_bitmap+0x160/0x284\n[242178.097628]  exfat_fill_super+0xa3c/0xe7c\n[242178.097635]  mount_bdev+0x2e8/0x3a0\n[242178.097638]  exfat_fs_mount+0x40/0x50\n[242178.097643]  mount_fs+0x138/0x2e8\n[242178.097649]  vfs_kern_mount+0x90/0x270\n[242178.097655]  do_mount+0x798/0x173c\n[242178.097659]  ksys_mount+0x114/0x1ac\n[242178.097665]  __arm64_sys_mount+0x24/0x34\n[242178.097671]  el0_svc_common+0xb8/0x1b8\n[242178.097676]  el0_svc_handler+0x74/0x90\n[242178.097681]  el0_svc+0x8/0x340\n\nBy analyzing the exfat code,we found that continuous physical memory\nis not required here,so kvmalloc_array is used can solve this problem."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-30T12:09:01.436Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/79d16a84ea41272dfcb0c00f9798ddd0edd8098d"
        },
        {
          "url": "https://git.kernel.org/stable/c/8a34a242cf03211cc89f68308d149b793f63c479"
        },
        {
          "url": "https://git.kernel.org/stable/c/1427a7e96fb90d0896f74f5bcd21feb03cc7c3d0"
        },
        {
          "url": "https://git.kernel.org/stable/c/0c5c3e8a2550b6b2a304b45f260296db9c09df96"
        },
        {
          "url": "https://git.kernel.org/stable/c/daf60d6cca26e50d65dac374db92e58de745ad26"
        }
      ],
      "title": "exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-54194",
    "datePublished": "2025-12-30T12:09:01.436Z",
    "dateReserved": "2025-12-30T12:06:44.498Z",
    "dateUpdated": "2025-12-30T12:09:01.436Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-54194\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-30T13:16:07.437\",\"lastModified\":\"2025-12-30T13:16:07.437\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nexfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree\\n\\nThe call stack shown below is a scenario in the Linux 4.19 kernel.\\nAllocating memory failed where exfat fs use kmalloc_array due to\\nsystem memory fragmentation, while the u-disk was inserted without\\nrecognition.\\nDevices such as u-disk using the exfat file system are pluggable and\\nmay be insert into the system at any time.\\nHowever, long-term running systems cannot guarantee the continuity of\\nphysical memory. Therefore, it\u0027s necessary to address this issue.\\n\\nBinder:2632_6: page allocation failure: order:4,\\n mode:0x6040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null)\\nCall trace:\\n[242178.097582]  dump_backtrace+0x0/0x4\\n[242178.097589]  dump_stack+0xf4/0x134\\n[242178.097598]  warn_alloc+0xd8/0x144\\n[242178.097603]  __alloc_pages_nodemask+0x1364/0x1384\\n[242178.097608]  kmalloc_order+0x2c/0x510\\n[242178.097612]  kmalloc_order_trace+0x40/0x16c\\n[242178.097618]  __kmalloc+0x360/0x408\\n[242178.097624]  load_alloc_bitmap+0x160/0x284\\n[242178.097628]  exfat_fill_super+0xa3c/0xe7c\\n[242178.097635]  mount_bdev+0x2e8/0x3a0\\n[242178.097638]  exfat_fs_mount+0x40/0x50\\n[242178.097643]  mount_fs+0x138/0x2e8\\n[242178.097649]  vfs_kern_mount+0x90/0x270\\n[242178.097655]  do_mount+0x798/0x173c\\n[242178.097659]  ksys_mount+0x114/0x1ac\\n[242178.097665]  __arm64_sys_mount+0x24/0x34\\n[242178.097671]  el0_svc_common+0xb8/0x1b8\\n[242178.097676]  el0_svc_handler+0x74/0x90\\n[242178.097681]  el0_svc+0x8/0x340\\n\\nBy analyzing the exfat code,we found that continuous physical memory\\nis not required here,so kvmalloc_array is used can solve this problem.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0c5c3e8a2550b6b2a304b45f260296db9c09df96\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/1427a7e96fb90d0896f74f5bcd21feb03cc7c3d0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/79d16a84ea41272dfcb0c00f9798ddd0edd8098d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/8a34a242cf03211cc89f68308d149b793f63c479\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/daf60d6cca26e50d65dac374db92e58de745ad26\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.