CVE-2023-54117

EPSS 0.03%
Veröffentlicht 24.12.2025 13:06:38
Zuletzt bearbeitet 29.12.2025 15:58:34
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

s390/dcssblk: fix kernel crash with list_add corruption

Commit fb08a1908cb1 ("dax: simplify the dax_device <-> gendisk
association") introduced new logic for gendisk association, requiring
drivers to explicitly call dax_add_host() and dax_remove_host().

For dcssblk driver, some dax_remove_host() calls were missing, e.g. in
device remove path. The commit also broke error handling for out_dax case
in device add path, resulting in an extra put_device() w/o the previous
get_device() in that case.

This lead to stale xarray entries after device add / remove cycles. In the
case when a previously used struct gendisk pointer (xarray index) would be
used again, because blk_alloc_disk() happened to return such a pointer, the
xa_insert() in dax_add_host() would fail and go to out_dax, doing the extra
put_device() in the error path. In combination with an already flawed error
handling in dcssblk (device_register() cleanup), which needs to be
addressed in a separate patch, this resulted in a missing device_del() /
klist_del(), and eventually in the kernel crash with list_add corruption on
a subsequent device_add() / klist_add().

Fix this by adding the missing dax_remove_host() calls, and also move the
put_device() in the error path to restore the previous logic.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 6489ec0107860345bc57dcde39e63dfb05ac5c11

Version fb08a1908cb119a4585611d91461ab6d27756b14

Status affected

Version < b7ad75c77349beb4983b9f27108d9b3f33ae1413

Version fb08a1908cb119a4585611d91461ab6d27756b14

Status affected

Version < b5c531a9a7d8e047c90c909f09cef06a9f8e62f4

Version fb08a1908cb119a4585611d91461ab6d27756b14

Status affected

Version < c8f40a0bccefd613748d080147469a4652d6e74c

Version fb08a1908cb119a4585611d91461ab6d27756b14

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.17

Status affected

Version < 5.17

Version 0

Status unaffected

Version <= 6.1.*

Version 6.1.53

Status unaffected

Version <= 6.4.*

Version 6.4.16

Status unaffected

Version <= 6.5.*

Version 6.5.3

Status unaffected

Version <= *

Version 6.6

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.064

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/6489ec0107860345bc57dcde39e63dfb05ac5c11

https://git.kernel.org/stable/c/b7ad75c77349beb4983b9f27108d9b3f33ae1413

https://git.kernel.org/stable/c/b5c531a9a7d8e047c90c909f09cef06a9f8e62f4

https://git.kernel.org/stable/c/c8f40a0bccefd613748d080147469a4652d6e74c

https://nvd.nist.gov/vuln/detail/CVE-2023-54117

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-54117

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-54117

EUVD