CVE-2023-54291: NULL Pointer Dereference in Linux

Severity: 5.5 MEDIUM (no vector)
EPSS: 0.0% (top 92.35%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 30

Description

In the Linux kernel, the following vulnerability has been resolved:

vduse: fix NULL pointer dereference

vduse_vdpa_set_vq_affinity callback can be called with NULL value as cpu_mask when deleting the vduse device. This patch resets virtqueue's IRQ affinity mask value to set all CPUs instead of dereferencing NULL cpu_mask.

[ 4760.952149] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 4760.959110] #PF: supervisor read access in kernel mode
[ 4760.964247] #PF: error_code(0x00

Affected Packages (3 packages)

Linux | linux/linux_kernel | 6.4.0 | 6.4.4
CVEListV5 | linux/linux | 28f6288eb63d5979fa6758e64f52e4d55cf184a8 | f9d46429de2a251e1e4962e1bf86c344d6336562 | +2
debian | debian/linux

🔴 Vulnerability Details (3)

OSV: vduse: fix NULL pointer dereference (2025-12-30)
OSV: CVE-2023-54291: In the Linux kernel, the following vulnerability has been resolved: vduse: fix NULL pointer dereference vduse_vdpa_set_vq_affinity callback can be cal (2025-12-30)
GHSA: GHSA-8w34-jjgr-cq87: In the Linux kernel, the following vulnerability has been resolved: vduse: fix NULL pointer dereference vduse_vdpa_set_vq_affinity callback can be c (2025-12-30)

📋 Vendor Advisories (2)

Red Hat: kernel: vduse: fix NULL pointer dereference (2025-12-30)
Debian: CVE-2023-54291: linux - In the Linux kernel, the following vulnerability has been resolved: vduse: fix ... (2023)

🕵️ Threat Intelligence (1)

Wiz: CVE-2023-54291 Impact, Exploitability, and Mitigation Steps | Wiz