CVE-2023-54278 (GCVE-0-2023-54278)

Vulnerability from cvelistv5 – Published: 2025-12-30 12:16 – Updated: 2025-12-30 12:16
VLAI?
Title
s390/vmem: split pages when debug pagealloc is enabled
Summary
In the Linux kernel, the following vulnerability has been resolved: s390/vmem: split pages when debug pagealloc is enabled Since commit bb1520d581a3 ("s390/mm: start kernel with DAT enabled") the kernel crashes early during boot when debug pagealloc is enabled: mem auto-init: stack:off, heap alloc:off, heap free:off addressing exception: 0005 ilc:2 [#1] SMP DEBUG_PAGEALLOC Modules linked in: CPU: 0 PID: 0 Comm: swapper Not tainted 6.5.0-rc3-09759-gc5666c912155 #630 [..] Krnl Code: 00000000001325f6: ec5600248064 cgrj %r5,%r6,8,000000000013263e 00000000001325fc: eb880002000c srlg %r8,%r8,2 #0000000000132602: b2210051 ipte %r5,%r1,%r0,0 >0000000000132606: b90400d1 lgr %r13,%r1 000000000013260a: 41605008 la %r6,8(%r5) 000000000013260e: a7db1000 aghi %r13,4096 0000000000132612: b221006d ipte %r6,%r13,%r0,0 0000000000132616: e3d0d0000171 lay %r13,4096(%r13) Call Trace: __kernel_map_pages+0x14e/0x320 __free_pages_ok+0x23a/0x5a8) free_low_memory_core_early+0x214/0x2c8 memblock_free_all+0x28/0x58 mem_init+0xb6/0x228 mm_core_init+0xb6/0x3b0 start_kernel+0x1d2/0x5a8 startup_continue+0x36/0x40 Kernel panic - not syncing: Fatal exception: panic_on_oops This is caused by using large mappings on machines with EDAT1/EDAT2. Add the code to split the mappings into 4k pages if debug pagealloc is enabled by CONFIG_DEBUG_PAGEALLOC_ENABLE_DEFAULT or the debug_pagealloc kernel command line option.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: bb1520d581a3a46e2d6e12bb74604ace33404de5 , < 601e467e29a960f7ab7ec4075afc6a68c3532a65 (git)
Affected: bb1520d581a3a46e2d6e12bb74604ace33404de5 , < edc1e4b6e26536868ef819a735e04a5b32c10589 (git)
Create a notification for this product.
    Linux Linux Affected: 6.3
Unaffected: 0 , < 6.3 (semver)
Unaffected: 6.4.10 , ≤ 6.4.* (semver)
Unaffected: 6.5 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/s390/mm/vmem.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "601e467e29a960f7ab7ec4075afc6a68c3532a65",
              "status": "affected",
              "version": "bb1520d581a3a46e2d6e12bb74604ace33404de5",
              "versionType": "git"
            },
            {
              "lessThan": "edc1e4b6e26536868ef819a735e04a5b32c10589",
              "status": "affected",
              "version": "bb1520d581a3a46e2d6e12bb74604ace33404de5",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/s390/mm/vmem.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.3"
            },
            {
              "lessThan": "6.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.10",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/vmem: split pages when debug pagealloc is enabled\n\nSince commit bb1520d581a3 (\"s390/mm: start kernel with DAT enabled\")\nthe kernel crashes early during boot when debug pagealloc is enabled:\n\nmem auto-init: stack:off, heap alloc:off, heap free:off\naddressing exception: 0005 ilc:2 [#1] SMP DEBUG_PAGEALLOC\nModules linked in:\nCPU: 0 PID: 0 Comm: swapper Not tainted 6.5.0-rc3-09759-gc5666c912155 #630\n[..]\nKrnl Code: 00000000001325f6: ec5600248064 cgrj %r5,%r6,8,000000000013263e\n           00000000001325fc: eb880002000c srlg %r8,%r8,2\n          #0000000000132602: b2210051     ipte %r5,%r1,%r0,0\n          \u003e0000000000132606: b90400d1     lgr %r13,%r1\n           000000000013260a: 41605008     la %r6,8(%r5)\n           000000000013260e: a7db1000     aghi %r13,4096\n           0000000000132612: b221006d     ipte %r6,%r13,%r0,0\n           0000000000132616: e3d0d0000171 lay %r13,4096(%r13)\n\nCall Trace:\n __kernel_map_pages+0x14e/0x320\n __free_pages_ok+0x23a/0x5a8)\n free_low_memory_core_early+0x214/0x2c8\n memblock_free_all+0x28/0x58\n mem_init+0xb6/0x228\n mm_core_init+0xb6/0x3b0\n start_kernel+0x1d2/0x5a8\n startup_continue+0x36/0x40\nKernel panic - not syncing: Fatal exception: panic_on_oops\n\nThis is caused by using large mappings on machines with EDAT1/EDAT2. Add\nthe code to split the mappings into 4k pages if debug pagealloc is enabled\nby CONFIG_DEBUG_PAGEALLOC_ENABLE_DEFAULT or the debug_pagealloc kernel\ncommand line option."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-30T12:16:06.350Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/601e467e29a960f7ab7ec4075afc6a68c3532a65"
        },
        {
          "url": "https://git.kernel.org/stable/c/edc1e4b6e26536868ef819a735e04a5b32c10589"
        }
      ],
      "title": "s390/vmem: split pages when debug pagealloc is enabled",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-54278",
    "datePublished": "2025-12-30T12:16:06.350Z",
    "dateReserved": "2025-12-30T12:06:44.524Z",
    "dateUpdated": "2025-12-30T12:16:06.350Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-54278\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-30T13:16:16.757\",\"lastModified\":\"2025-12-30T13:16:16.757\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ns390/vmem: split pages when debug pagealloc is enabled\\n\\nSince commit bb1520d581a3 (\\\"s390/mm: start kernel with DAT enabled\\\")\\nthe kernel crashes early during boot when debug pagealloc is enabled:\\n\\nmem auto-init: stack:off, heap alloc:off, heap free:off\\naddressing exception: 0005 ilc:2 [#1] SMP DEBUG_PAGEALLOC\\nModules linked in:\\nCPU: 0 PID: 0 Comm: swapper Not tainted 6.5.0-rc3-09759-gc5666c912155 #630\\n[..]\\nKrnl Code: 00000000001325f6: ec5600248064 cgrj %r5,%r6,8,000000000013263e\\n           00000000001325fc: eb880002000c srlg %r8,%r8,2\\n          #0000000000132602: b2210051     ipte %r5,%r1,%r0,0\\n          \u003e0000000000132606: b90400d1     lgr %r13,%r1\\n           000000000013260a: 41605008     la %r6,8(%r5)\\n           000000000013260e: a7db1000     aghi %r13,4096\\n           0000000000132612: b221006d     ipte %r6,%r13,%r0,0\\n           0000000000132616: e3d0d0000171 lay %r13,4096(%r13)\\n\\nCall Trace:\\n __kernel_map_pages+0x14e/0x320\\n __free_pages_ok+0x23a/0x5a8)\\n free_low_memory_core_early+0x214/0x2c8\\n memblock_free_all+0x28/0x58\\n mem_init+0xb6/0x228\\n mm_core_init+0xb6/0x3b0\\n start_kernel+0x1d2/0x5a8\\n startup_continue+0x36/0x40\\nKernel panic - not syncing: Fatal exception: panic_on_oops\\n\\nThis is caused by using large mappings on machines with EDAT1/EDAT2. Add\\nthe code to split the mappings into 4k pages if debug pagealloc is enabled\\nby CONFIG_DEBUG_PAGEALLOC_ENABLE_DEFAULT or the debug_pagealloc kernel\\ncommand line option.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/601e467e29a960f7ab7ec4075afc6a68c3532a65\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/edc1e4b6e26536868ef819a735e04a5b32c10589\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.