{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-54291","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-30T12:06:44.527Z","datePublished":"2025-12-30T12:23:29.754Z","dateUpdated":"2026-05-11T19:59:07.275Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:59:07.275Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nvduse: fix NULL pointer dereference\n\nvduse_vdpa_set_vq_affinity callback can be called\nwith NULL value as cpu_mask when deleting the vduse\ndevice.\n\nThis patch resets virtqueue's IRQ affinity mask value\nto set all CPUs instead of dereferencing NULL cpu_mask.\n\n[ 4760.952149] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 4760.959110] #PF: supervisor read access in kernel mode\n[ 4760.964247] #PF: error_code(0x0000) - not-present page\n[ 4760.969385] PGD 0 P4D 0\n[ 4760.971927] Oops: 0000 [#1] PREEMPT SMP PTI\n[ 4760.976112] CPU: 13 PID: 2346 Comm: vdpa Not tainted 6.4.0-rc6+ #4\n[ 4760.982291] Hardware name: Dell Inc. PowerEdge R640/0W23H8, BIOS 2.8.1 06/26/2020\n[ 4760.989769] RIP: 0010:memcpy_orig+0xc5/0x130\n[ 4760.994049] Code: 16 f8 4c 89 07 4c 89 4f 08 4c 89 54 17 f0 4c 89 5c 17 f8 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 fa 08 72 1b <4c> 8b 06 4c 8b 4c 16 f8 4c 89 07 4c 89 4c 17 f8 c3 cc cc cc cc 66\n[ 4761.012793] RSP: 0018:ffffb1d565abb830 EFLAGS: 00010246\n[ 4761.018020] RAX: ffff9f4bf6b27898 RBX: ffff9f4be23969c0 RCX: ffff9f4bcadf6400\n[ 4761.025152] RDX: 0000000000000008 RSI: 0000000000000000 RDI: ffff9f4bf6b27898\n[ 4761.032286] RBP: 0000000000000000 R08: 0000000000000008 R09: 0000000000000000\n[ 4761.039416] R10: 0000000000000000 R11: 0000000000000600 R12: 0000000000000000\n[ 4761.046549] R13: 0000000000000000 R14: 0000000000000080 R15: ffffb1d565abbb10\n[ 4761.053680] FS:  00007f64c2ec2740(0000) GS:ffff9f635f980000(0000) knlGS:0000000000000000\n[ 4761.061765] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 4761.067513] CR2: 0000000000000000 CR3: 0000001875270006 CR4: 00000000007706e0\n[ 4761.074645] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 4761.081775] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 4761.088909] PKRU: 55555554\n[ 4761.091620] Call Trace:\n[ 4761.094074]  <TASK>\n[ 4761.096180]  ? __die+0x1f/0x70\n[ 4761.099238]  ? page_fault_oops+0x171/0x4f0\n[ 4761.103340]  ? exc_page_fault+0x7b/0x180\n[ 4761.107265]  ? asm_exc_page_fault+0x22/0x30\n[ 4761.111460]  ? memcpy_orig+0xc5/0x130\n[ 4761.115126]  vduse_vdpa_set_vq_affinity+0x3e/0x50 [vduse]\n[ 4761.120533]  virtnet_clean_affinity.part.0+0x3d/0x90 [virtio_net]\n[ 4761.126635]  remove_vq_common+0x1a4/0x250 [virtio_net]\n[ 4761.131781]  virtnet_remove+0x5d/0x70 [virtio_net]\n[ 4761.136580]  virtio_dev_remove+0x3a/0x90\n[ 4761.140509]  device_release_driver_internal+0x19b/0x200\n[ 4761.145742]  bus_remove_device+0xc2/0x130\n[ 4761.149755]  device_del+0x158/0x3e0\n[ 4761.153245]  ? kernfs_find_ns+0x35/0xc0\n[ 4761.157086]  device_unregister+0x13/0x60\n[ 4761.161010]  unregister_virtio_device+0x11/0x20\n[ 4761.165543]  device_release_driver_internal+0x19b/0x200\n[ 4761.170770]  bus_remove_device+0xc2/0x130\n[ 4761.174782]  device_del+0x158/0x3e0\n[ 4761.178276]  ? __pfx_vdpa_name_match+0x10/0x10 [vdpa]\n[ 4761.183336]  device_unregister+0x13/0x60\n[ 4761.187260]  vdpa_nl_cmd_dev_del_set_doit+0x63/0xe0 [vdpa]"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/vdpa/vdpa_user/vduse_dev.c"],"versions":[{"version":"28f6288eb63d5979fa6758e64f52e4d55cf184a8","lessThan":"f9d46429de2a251e1e4962e1bf86c344d6336562","status":"affected","versionType":"git"},{"version":"28f6288eb63d5979fa6758e64f52e4d55cf184a8","lessThan":"f06cf1e1a503169280467d12d2ec89bf2c30ace7","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/vdpa/vdpa_user/vduse_dev.c"],"versions":[{"version":"6.4","status":"affected"},{"version":"0","lessThan":"6.4","status":"unaffected","versionType":"semver"},{"version":"6.4.4","lessThanOrEqual":"6.4.*","status":"unaffected","versionType":"semver"},{"version":"6.5","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4","versionEndExcluding":"6.4.4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4","versionEndExcluding":"6.5"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/f9d46429de2a251e1e4962e1bf86c344d6336562"},{"url":"https://git.kernel.org/stable/c/f06cf1e1a503169280467d12d2ec89bf2c30ace7"}],"title":"vduse: fix NULL pointer dereference","x_generator":{"engine":"bippy-1.2.0"}}}}