{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-54174","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-30T12:06:44.496Z","datePublished":"2025-12-30T12:08:47.527Z","dateUpdated":"2026-05-11T19:56:52.938Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:56:52.938Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nvfio: Fix NULL pointer dereference caused by uninitialized group->iommufd\n\ngroup->iommufd is not initialized for the iommufd_ctx_put()\n\n[20018.331541] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[20018.377508] RIP: 0010:iommufd_ctx_put+0x5/0x10 [iommufd]\n...\n[20018.476483] Call Trace:\n[20018.479214]  <TASK>\n[20018.481555]  vfio_group_fops_unl_ioctl+0x506/0x690 [vfio]\n[20018.487586]  __x64_sys_ioctl+0x6a/0xb0\n[20018.491773]  ? trace_hardirqs_on+0xc5/0xe0\n[20018.496347]  do_syscall_64+0x67/0x90\n[20018.500340]  entry_SYSCALL_64_after_hwframe+0x4b/0xb5"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/vfio/group.c"],"versions":[{"version":"9eefba8002c27d65ab52a533fd0611b099b73591","lessThan":"8f24eef598ce7cce0bbefe0ec642bcc031d0f528","status":"affected","versionType":"git"},{"version":"9eefba8002c27d65ab52a533fd0611b099b73591","lessThan":"d649c34cb916b015fdcb487e51409fcc5caeca8d","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/vfio/group.c"],"versions":[{"version":"6.2","status":"affected"},{"version":"0","lessThan":"6.2","status":"unaffected","versionType":"semver"},{"version":"6.2.3","lessThanOrEqual":"6.2.*","status":"unaffected","versionType":"semver"},{"version":"6.3","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.2.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/8f24eef598ce7cce0bbefe0ec642bcc031d0f528"},{"url":"https://git.kernel.org/stable/c/d649c34cb916b015fdcb487e51409fcc5caeca8d"}],"title":"vfio: Fix NULL pointer dereference caused by uninitialized group->iommufd","x_generator":{"engine":"bippy-1.2.0"}}}}