Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-54060— iommufd: Set end correctly when doing batch carry

EPSS 0.03% · P11
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-54060

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
iommufd: Set end correctly when doing batch carry
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: iommufd: Set end correctly when doing batch carry Even though the test suite covers this it somehow became obscured that this wasn't working. The test iommufd_ioas.mock_domain.access_domain_destory would blow up rarely. end should be set to 1 because this just pushed an item, the carry, to the pfns list. Sometimes the test would blow up with: BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] SMP CPU: 5 PID: 584 Comm: iommufd Not tainted 6.5.0-rc1-dirty #1236 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 RIP: 0010:batch_unpin+0xa2/0x100 [iommufd] Code: 17 48 81 fe ff ff 07 00 77 70 48 8b 15 b7 be 97 e2 48 85 d2 74 14 48 8b 14 fa 48 85 d2 74 0b 40 0f b6 f6 48 c1 e6 04 48 01 f2 <48> 8b 3a 48 c1 e0 06 89 ca 48 89 de 48 83 e7 f0 48 01 c7 e8 96 dc RSP: 0018:ffffc90001677a58 EFLAGS: 00010246 RAX: 00007f7e2646f000 RBX: 0000000000000000 RCX: 0000000000000001 RDX: 0000000000000000 RSI: 00000000fefc4c8d RDI: 0000000000fefc4c RBP: ffffc90001677a80 R08: 0000000000000048 R09: 0000000000000200 R10: 0000000000030b98 R11: ffffffff81f3bb40 R12: 0000000000000001 R13: ffff888101f75800 R14: ffffc90001677ad0 R15: 00000000000001fe FS: 00007f9323679740(0000) GS:ffff8881ba540000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000105ede003 CR4: 00000000003706a0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ? show_regs+0x5c/0x70 ? __die+0x1f/0x60 ? page_fault_oops+0x15d/0x440 ? lock_release+0xbc/0x240 ? exc_page_fault+0x4a4/0x970 ? asm_exc_page_fault+0x27/0x30 ? batch_unpin+0xa2/0x100 [iommufd] ? batch_unpin+0xba/0x100 [iommufd] __iopt_area_unfill_domain+0x198/0x430 [iommufd] ? __mutex_lock+0x8c/0xb80 ? __mutex_lock+0x6aa/0xb80 ? xa_erase+0x28/0x30 ? iopt_table_remove_domain+0x162/0x320 [iommufd] ? lock_release+0xbc/0x240 iopt_area_unfill_domain+0xd/0x10 [iommufd] iopt_table_remove_domain+0x195/0x320 [iommufd] iommufd_hw_pagetable_destroy+0xb3/0x110 [iommufd] iommufd_object_destroy_user+0x8e/0xf0 [iommufd] iommufd_device_detach+0xc5/0x140 [iommufd] iommufd_selftest_destroy+0x1f/0x70 [iommufd] iommufd_object_destroy_user+0x8e/0xf0 [iommufd] iommufd_destroy+0x3a/0x50 [iommufd] iommufd_fops_ioctl+0xfb/0x170 [iommufd] __x64_sys_ioctl+0x40d/0x9a0 do_syscall_64+0x3c/0x80 entry_SYSCALL_64_after_hwframe+0x46/0xb0
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于批处理携带操作中未正确设置结束标志,可能导致空指针取消引用。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux f394576eb11dbcd3a740fa41e577b97f0720d26e ~ 176f36a376c417b58d19f79edfce20db9317eaa2 -
LinuxLinux 6.2 -

II. Public POCs for CVE-2023-54060

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-54060

登录查看更多情报信息。

Same Patch Batch · Linux · 2025-12-24 · 322 CVEs total

CVE-2022-50755udf: Avoid double brelse() in udf_rename()
CVE-2022-50765RISC-V: kexec: Fix memory leak of elf header buffer
CVE-2022-50764ipv6/sit: use DEV_STATS_INC() to avoid data-races
CVE-2022-50763crypto: marvell/octeontx - prevent integer overflows
CVE-2022-50762fs/ntfs3: Avoid UBSAN error on true_sectors_per_clst()
CVE-2022-50760drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios()
CVE-2022-50761x86/xen: Fix memory leak in xen_init_lock_cpu()
CVE-2022-50759media: i2c: ov5648: Free V4L2 fwnode data on unbind
CVE-2022-50758staging: vt6655: fix potential memory leak
CVE-2022-50756nvme-pci: fix mempool alloc size
CVE-2022-50757media: camss: Clean up received buffers on failed start of streaming
CVE-2022-50749acct: fix potential integer overflow in encode_comp_t()
CVE-2022-50746erofs: validate the extent length for uncompressed pclusters
CVE-2022-50747hfs: Fix OOB Write in hfs_asc2mac
CVE-2022-50748ipc: mqueue: fix possible memory leak in init_mqueue_fs()
CVE-2022-50750drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure
CVE-2022-50752md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk()
CVE-2022-50753f2fs: fix to do sanity check on summary info
CVE-2022-50754apparmor: fix a memleak in multi_transaction_new()
CVE-2022-50766btrfs: set generation before calling btrfs_clean_tree_block in btrfs_init_new_buffer

Showing top 20 of 322 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2023-54060

No comments yet

Leave a comment