CVE-2023-54172Improper Handling of Missing Special Element in Linux

CWE-166Improper Handling of Missing Special Element7 documents6 sources
Severity
3.3LOW
No vector
EPSS
0.0%
top 93.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: Disable IBT when hypercall page lacks ENDBR instruction On hardware that supports Indirect Branch Tracking (IBT), Hyper-V VMs with ConfigVersion 9.3 or later support IBT in the guest. However, current versions of Hyper-V have a bug in that there's not an ENDBR64 instruction at the beginning of the hypercall page. Since hypercalls are made with an indirect call to the hypercall page, all hypercall attempts fail with

Affected Packages4 packages

Linuxlinux/linux_kernel5.18.06.1.45+1
Debianlinux/linux_kernel< 6.1.52-1+2
CVEListV5linux/linux991625f3dd2cbc4b787deb0213e2bcf8fa264b2198cccbd0a19a161971bc7f7feb10577adc62c400+3
debiandebian/linux< linux 6.1.52-1 (bookworm)

🔴Vulnerability Details

3
OSV
x86/hyperv: Disable IBT when hypercall page lacks ENDBR instruction2025-12-30
OSV
CVE-2023-54172: In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: Disable IBT when hypercall page lacks ENDBR instruction On hardware th2025-12-30
GHSA
GHSA-3fcf-v62x-cm7w: In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: Disable IBT when hypercall page lacks ENDBR instruction On hardware2025-12-30

📋Vendor Advisories

2
Red Hat
kernel: x86/hyperv: Disable IBT when hypercall page lacks ENDBR instruction2025-12-30
Debian
CVE-2023-54172: linux - In the Linux kernel, the following vulnerability has been resolved: x86/hyperv:...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54172 Impact, Exploitability, and Mitigation Steps | Wiz