CVE-2023-54278Use After Free in Linux

CWE-416Use After Free7 documents6 sources
Severity
5.8MEDIUM
No vector
EPSS
0.0%
top 92.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: s390/vmem: split pages when debug pagealloc is enabled Since commit bb1520d581a3 ("s390/mm: start kernel with DAT enabled") the kernel crashes early during boot when debug pagealloc is enabled: mem auto-init: stack:off, heap alloc:off, heap free:off addressing exception: 0005 ilc:2 [#1] SMP DEBUG_PAGEALLOC Modules linked in: CPU: 0 PID: 0 Comm: swapper Not tainted 6.5.0-rc3-09759-gc5666c912155 #630 [..] Krnl Code: 00000000001

Affected Packages4 packages

Linuxlinux/linux_kernel6.3.06.4.10
Debianlinux/linux_kernel< 6.4.11-1+1
CVEListV5linux/linuxbb1520d581a3a46e2d6e12bb74604ace33404de5601e467e29a960f7ab7ec4075afc6a68c3532a65+2
debiandebian/linux< linux 6.4.11-1 (forky)

🔴Vulnerability Details

3
GHSA
GHSA-wr38-v9r2-5hhw: In the Linux kernel, the following vulnerability has been resolved: s390/vmem: split pages when debug pagealloc is enabled Since commit bb1520d581a32025-12-30
OSV
s390/vmem: split pages when debug pagealloc is enabled2025-12-30
OSV
CVE-2023-54278: In the Linux kernel, the following vulnerability has been resolved: s390/vmem: split pages when debug pagealloc is enabled Since commit bb1520d581a3 (2025-12-30

📋Vendor Advisories

2
Red Hat
kernel: s390/vmem: split pages when debug pagealloc is enabled2025-12-30
Debian
CVE-2023-54278: linux - In the Linux kernel, the following vulnerability has been resolved: s390/vmem: ...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54278 Impact, Exploitability, and Mitigation Steps | Wiz