CVE-2023-54007: Time-of-check Time-of-use (TOCTOU) Race Condition in Linux

Severity: 4.7 MEDIUM (No vector)
EPSS: 0.0% (top 89.30%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 24

Description

In the Linux kernel, the following vulnerability has been resolved:

vmci_host: fix a race condition in vmci_host_poll() causing GPF

During fuzzing, a general protection fault is observed in vmci_host_poll().

general protection fault, probably for non-canonical address 0xdffffc0000000019: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x00000000000000c8-0x00000000000000cf]
RIP: 0010:__lock_acquire+0xf3/0x5e00 kernel/locking/lockdep.c:4926
Call Trace:
lock_acquire+0x1a4/0x4a0 ker

Affected Packages (4 packages)

Linux | linux/linux_kernel | 3.9.0 | 4.19.283 | +6
Debian | linux/linux_kernel | < 5.10.191-1 | +3
CVEListV5 | linux/linux | 8bf503991f87e32ea42a7bd69b79ba084fddc5d7 | 2053e93ac15519ed1f1fe6eba79a33a4963be4a3 | +8
debian | debian/linux | < linux 6.1.37-1 (bookworm)

🔴 Vulnerability Details (3)

GHSA (2025-12-24): GHSA-j5xc-fjvv-7rjx: In the Linux kernel, the following vulnerability has been resolved: vmci_host: fix a race condition in vmci_host_poll() causing GPF During fuzzing,
OSV (2025-12-24): CVE-2023-54007: In the Linux kernel, the following vulnerability has been resolved: vmci_host: fix a race condition in vmci_host_poll() causing GPF During fuzzing, a
OSV (2025-12-24): vmci_host: fix a race condition in vmci_host_poll() causing GPF

📋 Vendor Advisories (2)

Red Hat (2025-12-24): kernel: vmci_host: fix a race condition in vmci_host_poll() causing GPF
Debian (2023): CVE-2023-54007: linux - In the Linux kernel, the following vulnerability has been resolved: vmci_host: ...

🕵️ Threat Intelligence (1)

Wiz: CVE-2023-54007 Impact, Exploitability, and Mitigation Steps | Wiz