CVE-2023-54291 (GCVE-0-2023-54291)
Vulnerability from cvelistv5
Published
2025-12-30 12:23
Modified
2025-12-30 12:23
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: vduse: fix NULL pointer dereference vduse_vdpa_set_vq_affinity callback can be called with NULL value as cpu_mask when deleting the vduse device. This patch resets virtqueue's IRQ affinity mask value to set all CPUs instead of dereferencing NULL cpu_mask. [ 4760.952149] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 4760.959110] #PF: supervisor read access in kernel mode [ 4760.964247] #PF: error_code(0x0000) - not-present page [ 4760.969385] PGD 0 P4D 0 [ 4760.971927] Oops: 0000 [#1] PREEMPT SMP PTI [ 4760.976112] CPU: 13 PID: 2346 Comm: vdpa Not tainted 6.4.0-rc6+ #4 [ 4760.982291] Hardware name: Dell Inc. PowerEdge R640/0W23H8, BIOS 2.8.1 06/26/2020 [ 4760.989769] RIP: 0010:memcpy_orig+0xc5/0x130 [ 4760.994049] Code: 16 f8 4c 89 07 4c 89 4f 08 4c 89 54 17 f0 4c 89 5c 17 f8 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 fa 08 72 1b <4c> 8b 06 4c 8b 4c 16 f8 4c 89 07 4c 89 4c 17 f8 c3 cc cc cc cc 66 [ 4761.012793] RSP: 0018:ffffb1d565abb830 EFLAGS: 00010246 [ 4761.018020] RAX: ffff9f4bf6b27898 RBX: ffff9f4be23969c0 RCX: ffff9f4bcadf6400 [ 4761.025152] RDX: 0000000000000008 RSI: 0000000000000000 RDI: ffff9f4bf6b27898 [ 4761.032286] RBP: 0000000000000000 R08: 0000000000000008 R09: 0000000000000000 [ 4761.039416] R10: 0000000000000000 R11: 0000000000000600 R12: 0000000000000000 [ 4761.046549] R13: 0000000000000000 R14: 0000000000000080 R15: ffffb1d565abbb10 [ 4761.053680] FS: 00007f64c2ec2740(0000) GS:ffff9f635f980000(0000) knlGS:0000000000000000 [ 4761.061765] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 4761.067513] CR2: 0000000000000000 CR3: 0000001875270006 CR4: 00000000007706e0 [ 4761.074645] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 4761.081775] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 4761.088909] PKRU: 55555554 [ 4761.091620] Call Trace: [ 4761.094074] <TASK> [ 4761.096180] ? __die+0x1f/0x70 [ 4761.099238] ? page_fault_oops+0x171/0x4f0 [ 4761.103340] ? exc_page_fault+0x7b/0x180 [ 4761.107265] ? asm_exc_page_fault+0x22/0x30 [ 4761.111460] ? memcpy_orig+0xc5/0x130 [ 4761.115126] vduse_vdpa_set_vq_affinity+0x3e/0x50 [vduse] [ 4761.120533] virtnet_clean_affinity.part.0+0x3d/0x90 [virtio_net] [ 4761.126635] remove_vq_common+0x1a4/0x250 [virtio_net] [ 4761.131781] virtnet_remove+0x5d/0x70 [virtio_net] [ 4761.136580] virtio_dev_remove+0x3a/0x90 [ 4761.140509] device_release_driver_internal+0x19b/0x200 [ 4761.145742] bus_remove_device+0xc2/0x130 [ 4761.149755] device_del+0x158/0x3e0 [ 4761.153245] ? kernfs_find_ns+0x35/0xc0 [ 4761.157086] device_unregister+0x13/0x60 [ 4761.161010] unregister_virtio_device+0x11/0x20 [ 4761.165543] device_release_driver_internal+0x19b/0x200 [ 4761.170770] bus_remove_device+0xc2/0x130 [ 4761.174782] device_del+0x158/0x3e0 [ 4761.178276] ? __pfx_vdpa_name_match+0x10/0x10 [vdpa] [ 4761.183336] device_unregister+0x13/0x60 [ 4761.187260] vdpa_nl_cmd_dev_del_set_doit+0x63/0xe0 [vdpa]
References
Impacted products
Vendor Product Version
Linux Linux Version: 28f6288eb63d5979fa6758e64f52e4d55cf184a8
Version: 28f6288eb63d5979fa6758e64f52e4d55cf184a8
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/vdpa/vdpa_user/vduse_dev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f9d46429de2a251e1e4962e1bf86c344d6336562",
              "status": "affected",
              "version": "28f6288eb63d5979fa6758e64f52e4d55cf184a8",
              "versionType": "git"
            },
            {
              "lessThan": "f06cf1e1a503169280467d12d2ec89bf2c30ace7",
              "status": "affected",
              "version": "28f6288eb63d5979fa6758e64f52e4d55cf184a8",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/vdpa/vdpa_user/vduse_dev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.4"
            },
            {
              "lessThan": "6.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.4",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvduse: fix NULL pointer dereference\n\nvduse_vdpa_set_vq_affinity callback can be called\nwith NULL value as cpu_mask when deleting the vduse\ndevice.\n\nThis patch resets virtqueue\u0027s IRQ affinity mask value\nto set all CPUs instead of dereferencing NULL cpu_mask.\n\n[ 4760.952149] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 4760.959110] #PF: supervisor read access in kernel mode\n[ 4760.964247] #PF: error_code(0x0000) - not-present page\n[ 4760.969385] PGD 0 P4D 0\n[ 4760.971927] Oops: 0000 [#1] PREEMPT SMP PTI\n[ 4760.976112] CPU: 13 PID: 2346 Comm: vdpa Not tainted 6.4.0-rc6+ #4\n[ 4760.982291] Hardware name: Dell Inc. PowerEdge R640/0W23H8, BIOS 2.8.1 06/26/2020\n[ 4760.989769] RIP: 0010:memcpy_orig+0xc5/0x130\n[ 4760.994049] Code: 16 f8 4c 89 07 4c 89 4f 08 4c 89 54 17 f0 4c 89 5c 17 f8 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 fa 08 72 1b \u003c4c\u003e 8b 06 4c 8b 4c 16 f8 4c 89 07 4c 89 4c 17 f8 c3 cc cc cc cc 66\n[ 4761.012793] RSP: 0018:ffffb1d565abb830 EFLAGS: 00010246\n[ 4761.018020] RAX: ffff9f4bf6b27898 RBX: ffff9f4be23969c0 RCX: ffff9f4bcadf6400\n[ 4761.025152] RDX: 0000000000000008 RSI: 0000000000000000 RDI: ffff9f4bf6b27898\n[ 4761.032286] RBP: 0000000000000000 R08: 0000000000000008 R09: 0000000000000000\n[ 4761.039416] R10: 0000000000000000 R11: 0000000000000600 R12: 0000000000000000\n[ 4761.046549] R13: 0000000000000000 R14: 0000000000000080 R15: ffffb1d565abbb10\n[ 4761.053680] FS:  00007f64c2ec2740(0000) GS:ffff9f635f980000(0000) knlGS:0000000000000000\n[ 4761.061765] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 4761.067513] CR2: 0000000000000000 CR3: 0000001875270006 CR4: 00000000007706e0\n[ 4761.074645] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 4761.081775] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 4761.088909] PKRU: 55555554\n[ 4761.091620] Call Trace:\n[ 4761.094074]  \u003cTASK\u003e\n[ 4761.096180]  ? __die+0x1f/0x70\n[ 4761.099238]  ? page_fault_oops+0x171/0x4f0\n[ 4761.103340]  ? exc_page_fault+0x7b/0x180\n[ 4761.107265]  ? asm_exc_page_fault+0x22/0x30\n[ 4761.111460]  ? memcpy_orig+0xc5/0x130\n[ 4761.115126]  vduse_vdpa_set_vq_affinity+0x3e/0x50 [vduse]\n[ 4761.120533]  virtnet_clean_affinity.part.0+0x3d/0x90 [virtio_net]\n[ 4761.126635]  remove_vq_common+0x1a4/0x250 [virtio_net]\n[ 4761.131781]  virtnet_remove+0x5d/0x70 [virtio_net]\n[ 4761.136580]  virtio_dev_remove+0x3a/0x90\n[ 4761.140509]  device_release_driver_internal+0x19b/0x200\n[ 4761.145742]  bus_remove_device+0xc2/0x130\n[ 4761.149755]  device_del+0x158/0x3e0\n[ 4761.153245]  ? kernfs_find_ns+0x35/0xc0\n[ 4761.157086]  device_unregister+0x13/0x60\n[ 4761.161010]  unregister_virtio_device+0x11/0x20\n[ 4761.165543]  device_release_driver_internal+0x19b/0x200\n[ 4761.170770]  bus_remove_device+0xc2/0x130\n[ 4761.174782]  device_del+0x158/0x3e0\n[ 4761.178276]  ? __pfx_vdpa_name_match+0x10/0x10 [vdpa]\n[ 4761.183336]  device_unregister+0x13/0x60\n[ 4761.187260]  vdpa_nl_cmd_dev_del_set_doit+0x63/0xe0 [vdpa]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-30T12:23:29.754Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f9d46429de2a251e1e4962e1bf86c344d6336562"
        },
        {
          "url": "https://git.kernel.org/stable/c/f06cf1e1a503169280467d12d2ec89bf2c30ace7"
        }
      ],
      "title": "vduse: fix NULL pointer dereference",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-54291",
    "datePublished": "2025-12-30T12:23:29.754Z",
    "dateReserved": "2025-12-30T12:06:44.527Z",
    "dateUpdated": "2025-12-30T12:23:29.754Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-54291\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-30T13:16:18.170\",\"lastModified\":\"2025-12-31T20:42:43.210\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nvduse: fix NULL pointer dereference\\n\\nvduse_vdpa_set_vq_affinity callback can be called\\nwith NULL value as cpu_mask when deleting the vduse\\ndevice.\\n\\nThis patch resets virtqueue\u0027s IRQ affinity mask value\\nto set all CPUs instead of dereferencing NULL cpu_mask.\\n\\n[ 4760.952149] BUG: kernel NULL pointer dereference, address: 0000000000000000\\n[ 4760.959110] #PF: supervisor read access in kernel mode\\n[ 4760.964247] #PF: error_code(0x0000) - not-present page\\n[ 4760.969385] PGD 0 P4D 0\\n[ 4760.971927] Oops: 0000 [#1] PREEMPT SMP PTI\\n[ 4760.976112] CPU: 13 PID: 2346 Comm: vdpa Not tainted 6.4.0-rc6+ #4\\n[ 4760.982291] Hardware name: Dell Inc. PowerEdge R640/0W23H8, BIOS 2.8.1 06/26/2020\\n[ 4760.989769] RIP: 0010:memcpy_orig+0xc5/0x130\\n[ 4760.994049] Code: 16 f8 4c 89 07 4c 89 4f 08 4c 89 54 17 f0 4c 89 5c 17 f8 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 fa 08 72 1b \u003c4c\u003e 8b 06 4c 8b 4c 16 f8 4c 89 07 4c 89 4c 17 f8 c3 cc cc cc cc 66\\n[ 4761.012793] RSP: 0018:ffffb1d565abb830 EFLAGS: 00010246\\n[ 4761.018020] RAX: ffff9f4bf6b27898 RBX: ffff9f4be23969c0 RCX: ffff9f4bcadf6400\\n[ 4761.025152] RDX: 0000000000000008 RSI: 0000000000000000 RDI: ffff9f4bf6b27898\\n[ 4761.032286] RBP: 0000000000000000 R08: 0000000000000008 R09: 0000000000000000\\n[ 4761.039416] R10: 0000000000000000 R11: 0000000000000600 R12: 0000000000000000\\n[ 4761.046549] R13: 0000000000000000 R14: 0000000000000080 R15: ffffb1d565abbb10\\n[ 4761.053680] FS:  00007f64c2ec2740(0000) GS:ffff9f635f980000(0000) knlGS:0000000000000000\\n[ 4761.061765] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\n[ 4761.067513] CR2: 0000000000000000 CR3: 0000001875270006 CR4: 00000000007706e0\\n[ 4761.074645] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\\n[ 4761.081775] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\\n[ 4761.088909] PKRU: 55555554\\n[ 4761.091620] Call Trace:\\n[ 4761.094074]  \u003cTASK\u003e\\n[ 4761.096180]  ? __die+0x1f/0x70\\n[ 4761.099238]  ? page_fault_oops+0x171/0x4f0\\n[ 4761.103340]  ? exc_page_fault+0x7b/0x180\\n[ 4761.107265]  ? asm_exc_page_fault+0x22/0x30\\n[ 4761.111460]  ? memcpy_orig+0xc5/0x130\\n[ 4761.115126]  vduse_vdpa_set_vq_affinity+0x3e/0x50 [vduse]\\n[ 4761.120533]  virtnet_clean_affinity.part.0+0x3d/0x90 [virtio_net]\\n[ 4761.126635]  remove_vq_common+0x1a4/0x250 [virtio_net]\\n[ 4761.131781]  virtnet_remove+0x5d/0x70 [virtio_net]\\n[ 4761.136580]  virtio_dev_remove+0x3a/0x90\\n[ 4761.140509]  device_release_driver_internal+0x19b/0x200\\n[ 4761.145742]  bus_remove_device+0xc2/0x130\\n[ 4761.149755]  device_del+0x158/0x3e0\\n[ 4761.153245]  ? kernfs_find_ns+0x35/0xc0\\n[ 4761.157086]  device_unregister+0x13/0x60\\n[ 4761.161010]  unregister_virtio_device+0x11/0x20\\n[ 4761.165543]  device_release_driver_internal+0x19b/0x200\\n[ 4761.170770]  bus_remove_device+0xc2/0x130\\n[ 4761.174782]  device_del+0x158/0x3e0\\n[ 4761.178276]  ? __pfx_vdpa_name_match+0x10/0x10 [vdpa]\\n[ 4761.183336]  device_unregister+0x13/0x60\\n[ 4761.187260]  vdpa_nl_cmd_dev_del_set_doit+0x63/0xe0 [vdpa]\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/f06cf1e1a503169280467d12d2ec89bf2c30ace7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f9d46429de2a251e1e4962e1bf86c344d6336562\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.