GHSA-M7MJ-MW9M-293G

Vulnerability from github – Published: 2025-12-30 15:30 – Updated: 2025-12-30 15:30
VLAI?
Details

In the Linux kernel, the following vulnerability has been resolved:

m68k: mm: Move initrd phys_to_virt handling after paging_init()

When booting with an initial ramdisk on platforms where physical memory does not start at address zero (e.g. on Amiga):

initrd: 0ef0602c - 0f800000
Zone ranges:
  DMA      [mem 0x0000000008000000-0x000000f7ffffffff]
  Normal   empty
Movable zone start for each node
Early memory node ranges
  node   0: [mem 0x0000000008000000-0x000000000f7fffff]
Initmem setup node 0 [mem 0x0000000008000000-0x000000000f7fffff]
Unable to handle kernel access at virtual address (ptrval)
Oops: 00000000
Modules linked in:
PC: [<00201d3c>] memcmp+0x28/0x56

As phys_to_virt() relies on m68k_memoffset and module_fixup(), it must not be called before paging_init(). Hence postpone the phys_to_virt handling for the initial ramdisk until after calling paging_init().

While at it, reduce #ifdef clutter by using IS_ENABLED() instead.

Show details on source website
To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2023-54167"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-30T13:16:04Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nm68k: mm: Move initrd phys_to_virt handling after paging_init()\n\nWhen booting with an initial ramdisk on platforms where physical memory\ndoes not start at address zero (e.g. on Amiga):\n\n    initrd: 0ef0602c - 0f800000\n    Zone ranges:\n      DMA      [mem 0x0000000008000000-0x000000f7ffffffff]\n      Normal   empty\n    Movable zone start for each node\n    Early memory node ranges\n      node   0: [mem 0x0000000008000000-0x000000000f7fffff]\n    Initmem setup node 0 [mem 0x0000000008000000-0x000000000f7fffff]\n    Unable to handle kernel access at virtual address (ptrval)\n    Oops: 00000000\n    Modules linked in:\n    PC: [\u003c00201d3c\u003e] memcmp+0x28/0x56\n\nAs phys_to_virt() relies on m68k_memoffset and module_fixup(), it must\nnot be called before paging_init().  Hence postpone the phys_to_virt\nhandling for the initial ramdisk until after calling paging_init().\n\nWhile at it, reduce #ifdef clutter by using IS_ENABLED() instead.",
  "id": "GHSA-m7mj-mw9m-293g",
  "modified": "2025-12-30T15:30:30Z",
  "published": "2025-12-30T15:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-54167"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/58662cfb459150b9c0c22d20cddaea439b3844bd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ceb089e2337f810d3594d310953d9af4783f660a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d4b97925e87eb133e400fe4a482d750c74ce392f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.