CVE-2023-54095Type Confusion in Linux

CWE-843Type Confusion7 documents6 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 84.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: powerpc/iommu: Fix notifiers being shared by PCI and VIO buses fail_iommu_setup() registers the fail_iommu_bus_notifier struct to both PCI and VIO buses. struct notifier_block is a linked list node, so this causes any notifiers later registered to either bus type to also be registered to the other since they share the same node. This causes issues in (at least) the vgaarb code, which registers a notifier for PCI buses. pci_no

Affected Packages4 packages

Linuxlinux/linux_kernel3.6.04.14.326+7
Debianlinux/linux_kernel< 5.10.197-1+3
CVEListV5linux/linuxd6b9a81b2a45786384f5bd3516bd6ddfb4b772c6dc0d107e624ca96aef6dd8722eb33ba3a6d157b0+9
debiandebian/linux< linux 6.1.55-1 (bookworm)

🔴Vulnerability Details

3
OSV
powerpc/iommu: Fix notifiers being shared by PCI and VIO buses2025-12-24
GHSA
GHSA-6v42-prqv-7q9g: In the Linux kernel, the following vulnerability has been resolved: powerpc/iommu: Fix notifiers being shared by PCI and VIO buses fail_iommu_setup(2025-12-24
OSV
CVE-2023-54095: In the Linux kernel, the following vulnerability has been resolved: powerpc/iommu: Fix notifiers being shared by PCI and VIO buses fail_iommu_setup()2025-12-24

📋Vendor Advisories

2
Red Hat
kernel: powerpc/iommu: Fix notifiers being shared by PCI and VIO buses2025-12-24
Debian
CVE-2023-54095: linux - In the Linux kernel, the following vulnerability has been resolved: powerpc/iom...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54095 Impact, Exploitability, and Mitigation Steps | Wiz