CVE-2023-54060NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference7 documents6 sources
Severity
5.3MEDIUM
No vector
EPSS
0.0%
top 92.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: iommufd: Set end correctly when doing batch carry Even though the test suite covers this it somehow became obscured that this wasn't working. The test iommufd_ioas.mock_domain.access_domain_destory would blow up rarely. end should be set to 1 because this just pushed an item, the carry, to the pfns list. Sometimes the test would blow up with: BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor r

Affected Packages4 packages

Linuxlinux/linux_kernel6.2.06.4.8
Debianlinux/linux_kernel< 6.4.11-1+1
CVEListV5linux/linuxf394576eb11dbcd3a740fa41e577b97f0720d26e176f36a376c417b58d19f79edfce20db9317eaa2+2
debiandebian/linux< linux 6.4.11-1 (forky)

🔴Vulnerability Details

3
OSV
CVE-2023-54060: In the Linux kernel, the following vulnerability has been resolved: iommufd: Set end correctly when doing batch carry Even though the test suite cover2025-12-24
OSV
iommufd: Set end correctly when doing batch carry2025-12-24
GHSA
GHSA-j46r-5wf7-7vm6: In the Linux kernel, the following vulnerability has been resolved: iommufd: Set end correctly when doing batch carry Even though the test suite cov2025-12-24

📋Vendor Advisories

2
Red Hat
kernel: iommufd: Set end correctly when doing batch carry2025-12-24
Debian
CVE-2023-54060: linux - In the Linux kernel, the following vulnerability has been resolved: iommufd: Se...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54060 Impact, Exploitability, and Mitigation Steps | Wiz