CVE-2023-54117Incomplete Cleanup in Linux

CWE-459Incomplete Cleanup7 documents6 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 92.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: s390/dcssblk: fix kernel crash with list_add corruption Commit fb08a1908cb1 ("dax: simplify the dax_device gendisk association") introduced new logic for gendisk association, requiring drivers to explicitly call dax_add_host() and dax_remove_host(). For dcssblk driver, some dax_remove_host() calls were missing, e.g. in device remove path. The commit also broke error handling for out_dax case in device add path, resulting in a

Affected Packages4 packages

Linuxlinux/linux_kernel5.17.06.1.53+2
Debianlinux/linux_kernel< 6.1.55-1+2
CVEListV5linux/linuxfb08a1908cb119a4585611d91461ab6d27756b146489ec0107860345bc57dcde39e63dfb05ac5c11+4
debiandebian/linux< linux 6.1.55-1 (bookworm)

🔴Vulnerability Details

3
GHSA
GHSA-gmqv-2fjq-fw5c: In the Linux kernel, the following vulnerability has been resolved: s390/dcssblk: fix kernel crash with list_add corruption Commit fb08a1908cb1 ("da2025-12-24
OSV
s390/dcssblk: fix kernel crash with list_add corruption2025-12-24
OSV
CVE-2023-54117: In the Linux kernel, the following vulnerability has been resolved: s390/dcssblk: fix kernel crash with list_add corruption Commit fb08a1908cb1 ("dax:2025-12-24

📋Vendor Advisories

2
Red Hat
kernel: s390/dcssblk: fix kernel crash with list_add corruption2025-12-24
Debian
CVE-2023-54117: linux - In the Linux kernel, the following vulnerability has been resolved: s390/dcssbl...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54117 Impact, Exploitability, and Mitigation Steps | Wiz