{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-53630","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-10-07T15:16:59.656Z","datePublished":"2025-10-07T15:19:33.623Z","dateUpdated":"2026-05-11T19:48:52.330Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:48:52.330Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\niommufd: Fix unpinning of pages when an access is present\n\nsyzkaller found that the calculation of batch_last_index should use\n'start_index' since at input to this function the batch is either empty or\nit has already been adjusted to cross any accesses so it will start at the\npoint we are unmapping from.\n\nGetting this wrong causes the unmap to run over the end of the pages\nwhich corrupts pages that were never mapped. In most cases this triggers\nthe num pinned debugging:\n\n  WARNING: CPU: 0 PID: 557 at drivers/iommu/iommufd/pages.c:294 __iopt_area_unfill_domain+0x152/0x560\n  Modules linked in:\n  CPU: 0 PID: 557 Comm: repro Not tainted 6.3.0-rc2-eeac8ede1755 #1\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\n  RIP: 0010:__iopt_area_unfill_domain+0x152/0x560\n  Code: d2 0f ff 44 8b 64 24 54 48 8b 44 24 48 31 ff 44 89 e6 48 89 44 24 38 e8 fc d3 0f ff 45 85 e4 0f 85 eb 01 00 00 e8 0e d2 0f ff <0f> 0b e8 07 d2 0f ff 48 8b 44 24 38 89 5c 24 58 89 18 8b 44 24 54\n  RSP: 0018:ffffc9000108baf0 EFLAGS: 00010246\n  RAX: 0000000000000000 RBX: 00000000ffffffff RCX: ffffffff821e3f85\n  RDX: 0000000000000000 RSI: ffff88800faf0000 RDI: 0000000000000002\n  RBP: ffffc9000108bd18 R08: 000000000003ca25 R09: 0000000000000014\n  R10: 000000000003ca00 R11: 0000000000000024 R12: 0000000000000004\n  R13: 0000000000000801 R14: 00000000000007ff R15: 0000000000000800\n  FS:  00007f3499ce1740(0000) GS:ffff88807dc00000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 0000000020000243 CR3: 00000000179c2001 CR4: 0000000000770ef0\n  PKRU: 55555554\n  Call Trace:\n   <TASK>\n   iopt_area_unfill_domain+0x32/0x40\n   iopt_table_remove_domain+0x23f/0x4c0\n   iommufd_device_selftest_detach+0x3a/0x90\n   iommufd_selftest_destroy+0x55/0x70\n   iommufd_object_destroy_user+0xce/0x130\n   iommufd_destroy+0xa2/0xc0\n   iommufd_fops_ioctl+0x206/0x330\n   __x64_sys_ioctl+0x10e/0x160\n   do_syscall_64+0x3b/0x90\n   entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nAlso add some useful WARN_ON sanity checks."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/iommu/iommufd/pages.c"],"versions":[{"version":"8d160cd4d5066f864ec0f2c981470e55ac03ac27","lessThan":"70726ce4d898db57bfc4ae30ecd7da63b0dd0aa4","status":"affected","versionType":"git"},{"version":"8d160cd4d5066f864ec0f2c981470e55ac03ac27","lessThan":"727c28c1cef2bc013d2c8bb6c50e410a3882a04e","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/iommu/iommufd/pages.c"],"versions":[{"version":"6.2","status":"affected"},{"version":"0","lessThan":"6.2","status":"unaffected","versionType":"semver"},{"version":"6.2.11","lessThanOrEqual":"6.2.*","status":"unaffected","versionType":"semver"},{"version":"6.3","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.2.11"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/70726ce4d898db57bfc4ae30ecd7da63b0dd0aa4"},{"url":"https://git.kernel.org/stable/c/727c28c1cef2bc013d2c8bb6c50e410a3882a04e"}],"title":"iommufd: Fix unpinning of pages when an access is present","x_generator":{"engine":"bippy-1.2.0"}}}}