CVE-2023-54092Improper Validation of Specified Index, Position, or Offset in Input in Linux

CWE-1285Improper Validation of Specified Index, Position, or Offset in Input7 documents6 sources
Severity
5.3MEDIUM
No vector
EPSS
0.0%
top 92.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: pv: fix index value of replaced ASCE The index field of the struct page corresponding to a guest ASCE should be 0. When replacing the ASCE in s390_replace_asce(), the index of the new ASCE should also be set to 0. Having the wrong index might lead to the wrong addresses being passed around when notifying pte invalidations, and eventually to validity intercepts (VM crash) if the prefix gets unmapped and the notifier

Affected Packages4 packages

Linuxlinux/linux_kernel5.11.05.15.124+3
Debianlinux/linux_kernel< 5.10.191-1+3
CVEListV5linux/linux9d216035d173214cd33712d67d89220ef2283ebf8e635da0e0d3cb45e32fa79b36218fb98281bc10+7
debiandebian/linux< linux 6.1.52-1 (bookworm)

🔴Vulnerability Details

3
OSV
CVE-2023-54092: In the Linux kernel, the following vulnerability has been resolved: KVM: s390: pv: fix index value of replaced ASCE The index field of the struct page2025-12-24
GHSA
GHSA-g59x-v7cp-wpr9: In the Linux kernel, the following vulnerability has been resolved: KVM: s390: pv: fix index value of replaced ASCE The index field of the struct pa2025-12-24
OSV
KVM: s390: pv: fix index value of replaced ASCE2025-12-24

📋Vendor Advisories

2
Red Hat
kernel: KVM: s390: pv: fix index value of replaced ASCE2025-12-24
Debian
CVE-2023-54092: linux - In the Linux kernel, the following vulnerability has been resolved: KVM: s390: ...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54092 Impact, Exploitability, and Mitigation Steps | Wiz