CVE-2023-54024 (GCVE-0-2023-54024)

Vulnerability from cvelistv5 – Published: 2025-12-24 10:55 – Updated: 2025-12-24 10:55
VLAI?
Title
KVM: Destroy target device if coalesced MMIO unregistration fails
Summary
In the Linux kernel, the following vulnerability has been resolved: KVM: Destroy target device if coalesced MMIO unregistration fails Destroy and free the target coalesced MMIO device if unregistering said device fails. As clearly noted in the code, kvm_io_bus_unregister_dev() does not destroy the target device. BUG: memory leak unreferenced object 0xffff888112a54880 (size 64): comm "syz-executor.2", pid 5258, jiffies 4297861402 (age 14.129s) hex dump (first 32 bytes): 38 c7 67 15 00 c9 ff ff 38 c7 67 15 00 c9 ff ff 8.g.....8.g..... e0 c7 e1 83 ff ff ff ff 00 30 67 15 00 c9 ff ff .........0g..... backtrace: [<0000000006995a8a>] kmalloc include/linux/slab.h:556 [inline] [<0000000006995a8a>] kzalloc include/linux/slab.h:690 [inline] [<0000000006995a8a>] kvm_vm_ioctl_register_coalesced_mmio+0x8e/0x3d0 arch/x86/kvm/../../../virt/kvm/coalesced_mmio.c:150 [<00000000022550c2>] kvm_vm_ioctl+0x47d/0x1600 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3323 [<000000008a75102f>] vfs_ioctl fs/ioctl.c:46 [inline] [<000000008a75102f>] file_ioctl fs/ioctl.c:509 [inline] [<000000008a75102f>] do_vfs_ioctl+0xbab/0x1160 fs/ioctl.c:696 [<0000000080e3f669>] ksys_ioctl+0x76/0xa0 fs/ioctl.c:713 [<0000000059ef4888>] __do_sys_ioctl fs/ioctl.c:720 [inline] [<0000000059ef4888>] __se_sys_ioctl fs/ioctl.c:718 [inline] [<0000000059ef4888>] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:718 [<000000006444fa05>] do_syscall_64+0x9f/0x4e0 arch/x86/entry/common.c:290 [<000000009a4ed50b>] entry_SYSCALL_64_after_hwframe+0x49/0xbe BUG: leak checking failed
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 7d1bc32d6477ff96a32695ea4be8144e4513ab2d , < 10c2a20d73e99463e69b7e92706791656adc16d7 (git)
Affected: 2a20592baff59c5351c5200ec667e1a2aa22af85 , < 76a9886e1b61ce5592df5ae78a19ed30399ae189 (git)
Affected: 5d3c4c79384af06e3c8e25b7770b6247496b4417 , < 999439fd5da5a76253e2f2c37b94204f47d75491 (git)
Affected: 5d3c4c79384af06e3c8e25b7770b6247496b4417 , < ccf6a7fb1aedb1472e1241ee55e4d26b68f8d066 (git)
Affected: 5d3c4c79384af06e3c8e25b7770b6247496b4417 , < fb436dd6914325075f07d19851ab277b7a693ae7 (git)
Affected: 5d3c4c79384af06e3c8e25b7770b6247496b4417 , < b1cb1fac22abf102ffeb29dd3eeca208a3869d54 (git)
Affected: 168e82f640ed1891a700bdb43e37da354b2ab63c (git)
Affected: 50cbad42bfea8c052b7ca590bd4126cdc898713c (git)
Create a notification for this product.
    Linux Linux Affected: 5.13
Unaffected: 0 , < 5.13 (semver)
Unaffected: 5.4.235 , ≤ 5.4.* (semver)
Unaffected: 5.10.173 , ≤ 5.10.* (semver)
Unaffected: 5.15.99 , ≤ 5.15.* (semver)
Unaffected: 6.1.16 , ≤ 6.1.* (semver)
Unaffected: 6.2.3 , ≤ 6.2.* (semver)
Unaffected: 6.3 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "virt/kvm/coalesced_mmio.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "10c2a20d73e99463e69b7e92706791656adc16d7",
              "status": "affected",
              "version": "7d1bc32d6477ff96a32695ea4be8144e4513ab2d",
              "versionType": "git"
            },
            {
              "lessThan": "76a9886e1b61ce5592df5ae78a19ed30399ae189",
              "status": "affected",
              "version": "2a20592baff59c5351c5200ec667e1a2aa22af85",
              "versionType": "git"
            },
            {
              "lessThan": "999439fd5da5a76253e2f2c37b94204f47d75491",
              "status": "affected",
              "version": "5d3c4c79384af06e3c8e25b7770b6247496b4417",
              "versionType": "git"
            },
            {
              "lessThan": "ccf6a7fb1aedb1472e1241ee55e4d26b68f8d066",
              "status": "affected",
              "version": "5d3c4c79384af06e3c8e25b7770b6247496b4417",
              "versionType": "git"
            },
            {
              "lessThan": "fb436dd6914325075f07d19851ab277b7a693ae7",
              "status": "affected",
              "version": "5d3c4c79384af06e3c8e25b7770b6247496b4417",
              "versionType": "git"
            },
            {
              "lessThan": "b1cb1fac22abf102ffeb29dd3eeca208a3869d54",
              "status": "affected",
              "version": "5d3c4c79384af06e3c8e25b7770b6247496b4417",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "168e82f640ed1891a700bdb43e37da354b2ab63c",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "50cbad42bfea8c052b7ca590bd4126cdc898713c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "virt/kvm/coalesced_mmio.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.13"
            },
            {
              "lessThan": "5.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.235",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.173",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.99",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.3",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.235",
                  "versionStartIncluding": "5.4.119",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.173",
                  "versionStartIncluding": "5.10.37",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.99",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.16",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.3",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.11.21",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.12.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Destroy target device if coalesced MMIO unregistration fails\n\nDestroy and free the target coalesced MMIO device if unregistering said\ndevice fails.  As clearly noted in the code, kvm_io_bus_unregister_dev()\ndoes not destroy the target device.\n\n  BUG: memory leak\n  unreferenced object 0xffff888112a54880 (size 64):\n    comm \"syz-executor.2\", pid 5258, jiffies 4297861402 (age 14.129s)\n    hex dump (first 32 bytes):\n      38 c7 67 15 00 c9 ff ff 38 c7 67 15 00 c9 ff ff  8.g.....8.g.....\n      e0 c7 e1 83 ff ff ff ff 00 30 67 15 00 c9 ff ff  .........0g.....\n    backtrace:\n      [\u003c0000000006995a8a\u003e] kmalloc include/linux/slab.h:556 [inline]\n      [\u003c0000000006995a8a\u003e] kzalloc include/linux/slab.h:690 [inline]\n      [\u003c0000000006995a8a\u003e] kvm_vm_ioctl_register_coalesced_mmio+0x8e/0x3d0 arch/x86/kvm/../../../virt/kvm/coalesced_mmio.c:150\n      [\u003c00000000022550c2\u003e] kvm_vm_ioctl+0x47d/0x1600 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3323\n      [\u003c000000008a75102f\u003e] vfs_ioctl fs/ioctl.c:46 [inline]\n      [\u003c000000008a75102f\u003e] file_ioctl fs/ioctl.c:509 [inline]\n      [\u003c000000008a75102f\u003e] do_vfs_ioctl+0xbab/0x1160 fs/ioctl.c:696\n      [\u003c0000000080e3f669\u003e] ksys_ioctl+0x76/0xa0 fs/ioctl.c:713\n      [\u003c0000000059ef4888\u003e] __do_sys_ioctl fs/ioctl.c:720 [inline]\n      [\u003c0000000059ef4888\u003e] __se_sys_ioctl fs/ioctl.c:718 [inline]\n      [\u003c0000000059ef4888\u003e] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:718\n      [\u003c000000006444fa05\u003e] do_syscall_64+0x9f/0x4e0 arch/x86/entry/common.c:290\n      [\u003c000000009a4ed50b\u003e] entry_SYSCALL_64_after_hwframe+0x49/0xbe\n\n  BUG: leak checking failed"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-24T10:55:53.718Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/10c2a20d73e99463e69b7e92706791656adc16d7"
        },
        {
          "url": "https://git.kernel.org/stable/c/76a9886e1b61ce5592df5ae78a19ed30399ae189"
        },
        {
          "url": "https://git.kernel.org/stable/c/999439fd5da5a76253e2f2c37b94204f47d75491"
        },
        {
          "url": "https://git.kernel.org/stable/c/ccf6a7fb1aedb1472e1241ee55e4d26b68f8d066"
        },
        {
          "url": "https://git.kernel.org/stable/c/fb436dd6914325075f07d19851ab277b7a693ae7"
        },
        {
          "url": "https://git.kernel.org/stable/c/b1cb1fac22abf102ffeb29dd3eeca208a3869d54"
        }
      ],
      "title": "KVM: Destroy target device if coalesced MMIO unregistration fails",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-54024",
    "datePublished": "2025-12-24T10:55:53.718Z",
    "dateReserved": "2025-12-24T10:53:46.179Z",
    "dateUpdated": "2025-12-24T10:55:53.718Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-54024\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-24T11:15:55.403\",\"lastModified\":\"2025-12-29T15:58:56.260\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nKVM: Destroy target device if coalesced MMIO unregistration fails\\n\\nDestroy and free the target coalesced MMIO device if unregistering said\\ndevice fails.  As clearly noted in the code, kvm_io_bus_unregister_dev()\\ndoes not destroy the target device.\\n\\n  BUG: memory leak\\n  unreferenced object 0xffff888112a54880 (size 64):\\n    comm \\\"syz-executor.2\\\", pid 5258, jiffies 4297861402 (age 14.129s)\\n    hex dump (first 32 bytes):\\n      38 c7 67 15 00 c9 ff ff 38 c7 67 15 00 c9 ff ff  8.g.....8.g.....\\n      e0 c7 e1 83 ff ff ff ff 00 30 67 15 00 c9 ff ff  .........0g.....\\n    backtrace:\\n      [\u003c0000000006995a8a\u003e] kmalloc include/linux/slab.h:556 [inline]\\n      [\u003c0000000006995a8a\u003e] kzalloc include/linux/slab.h:690 [inline]\\n      [\u003c0000000006995a8a\u003e] kvm_vm_ioctl_register_coalesced_mmio+0x8e/0x3d0 arch/x86/kvm/../../../virt/kvm/coalesced_mmio.c:150\\n      [\u003c00000000022550c2\u003e] kvm_vm_ioctl+0x47d/0x1600 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3323\\n      [\u003c000000008a75102f\u003e] vfs_ioctl fs/ioctl.c:46 [inline]\\n      [\u003c000000008a75102f\u003e] file_ioctl fs/ioctl.c:509 [inline]\\n      [\u003c000000008a75102f\u003e] do_vfs_ioctl+0xbab/0x1160 fs/ioctl.c:696\\n      [\u003c0000000080e3f669\u003e] ksys_ioctl+0x76/0xa0 fs/ioctl.c:713\\n      [\u003c0000000059ef4888\u003e] __do_sys_ioctl fs/ioctl.c:720 [inline]\\n      [\u003c0000000059ef4888\u003e] __se_sys_ioctl fs/ioctl.c:718 [inline]\\n      [\u003c0000000059ef4888\u003e] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:718\\n      [\u003c000000006444fa05\u003e] do_syscall_64+0x9f/0x4e0 arch/x86/entry/common.c:290\\n      [\u003c000000009a4ed50b\u003e] entry_SYSCALL_64_after_hwframe+0x49/0xbe\\n\\n  BUG: leak checking failed\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/10c2a20d73e99463e69b7e92706791656adc16d7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/76a9886e1b61ce5592df5ae78a19ed30399ae189\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/999439fd5da5a76253e2f2c37b94204f47d75491\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b1cb1fac22abf102ffeb29dd3eeca208a3869d54\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ccf6a7fb1aedb1472e1241ee55e4d26b68f8d066\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/fb436dd6914325075f07d19851ab277b7a693ae7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.