CVE-2023-54296Symbolic Name not Mapping to Correct Object in Linux

CWE-386Symbolic Name not Mapping to Correct Object7 documents6 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 93.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Get source vCPUs from source VM for SEV-ES intrahost migration Fix a goof where KVM tries to grab source vCPUs from the destination VM when doing intrahost migration. Grabbing the wrong vCPU not only hoses the guest, it also crashes the host due to the VMSA pointer being left NULL. BUG: unable to handle page fault for address: ffffe38687000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-

Affected Packages4 packages

Linuxlinux/linux_kernel5.19.06.1.54+1
Debianlinux/linux_kernel< 6.1.55-1+2
CVEListV5linux/linux6defa24d3b12bbd418bc8526dea1cbc605265c065c18ace750e4d4d58d7da02d1c669bf21c824158+4
debiandebian/linux< linux 6.1.55-1 (bookworm)

🔴Vulnerability Details

3
OSV
CVE-2023-54296: In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Get source vCPUs from source VM for SEV-ES intrahost migration Fix a goo2025-12-30
OSV
KVM: SVM: Get source vCPUs from source VM for SEV-ES intrahost migration2025-12-30
GHSA
GHSA-68cr-cmrr-85gj: In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Get source vCPUs from source VM for SEV-ES intrahost migration Fix a g2025-12-30

📋Vendor Advisories

2
Red Hat
kernel: KVM: SVM: Get source vCPUs from source VM for SEV-ES intrahost migration2025-12-30
Debian
CVE-2023-54296: linux - In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: G...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54296 Impact, Exploitability, and Mitigation Steps | Wiz