DEBIAN-CVE-2023-53756

Source
https://security-tracker.debian.org/tracker/CVE-2023-53756
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53756.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-53756
Upstream
Published
2025-12-08T02:15:51.243Z
Modified
2025-12-08T10:16:23.766131Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Fix crash due to uninitialized current_vmcs

KVM enables 'Enlightened VMCS' and 'Enlightened MSR Bitmap' when running as a nested hypervisor on top of Hyper-V. When the MSR bitmap is updated, the evmcs_touch_msr_bitmap() function uses the current_vmcs per-cpu variable to mark that the MSR bitmap was changed. vmx_vcpu_create() modifies the MSR bitmap via vmx_disable_intercept_for_msr() -> vmx_msr_bitmap_l01_changed(), which in the end calls this function. The function checks whether current_vmcs is NULL, but the check is insufficient because current_vmcs has not been initialized at that point. Because of this, the code might incorrectly write to the structure pointed to by a current_vmcs value left behind by another task. Preemption is not disabled, so the current task can be preempted and moved to another CPU while current_vmcs is accessed multiple times from evmcs_touch_msr_bitmap(), which leads to a crash. The manipulation of MSR bitmaps by callers happens only for vmcs01, so the solution is to use vmx->vmcs01.vmcs instead of current_vmcs.

    BUG: kernel NULL pointer dereference, address: 0000000000000338
    PGD 4e1775067 P4D 0
    Oops: 0002 [#1] PREEMPT SMP NOPTI
    ...
    RIP: 0010:vmx_msr_bitmap_l01_changed+0x39/0x50 [kvm_intel]
    ...
    Call Trace:
     vmx_disable_intercept_for_msr+0x36/0x260 [kvm_intel]
     vmx_vcpu_create+0xe6/0x540 [kvm_intel]
     kvm_arch_vcpu_create+0x1d1/0x2e0 [kvm]
     kvm_vm_ioctl_create_vcpu+0x178/0x430 [kvm]
     kvm_vm_ioctl+0x53f/0x790 [kvm]
     __x64_sys_ioctl+0x8a/0xc0
     do_syscall_64+0x5c/0x90
     entry_SYSCALL_64_after_hwframe+0x63/0xcd

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.10.178-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1
5.10.92-1
5.10.92-2
5.10.103-1~bpo10+1
5.10.103-1
5.10.106-1
5.10.113-1
5.10.120-1~bpo10+1
5.10.120-1
5.10.127-1
5.10.127-2~bpo10+1
5.10.127-2
5.10.136-1
5.10.140-1
5.10.148-1
5.10.149-1
5.10.149-2
5.10.158-1
5.10.158-2
5.10.162-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.1.20-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.1.20-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.1.20-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}