AZL-76413

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-76413.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-76413

Upstream

CVE-2023-53647

Published

2025-10-07T16:15:48Z

Modified

2026-04-01T05:22:57.026853Z

Summary

CVE-2023-53647 affecting package kernel 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

Drivers: hv: vmbus: Don't dereference ACPI root object handle

Since the commit referenced in the Fixes: tag below the VMBus client driver is walking the ACPI namespace up from the VMBus ACPI device to the ACPI namespace root object trying to find Hyper-V MMIO ranges.

However, if it is not able to find them it ends trying to walk resources of the ACPI namespace root object itself. This object has all-ones handle, which causes a NULL pointer dereference in the ACPI code (from dereferencing this pointer with an offset).

This in turn causes an oops on boot with VMBus host implementations that do not provide Hyper-V MMIO ranges in their VMBus ACPI device or its ancestors. The QEMU VMBus implementation is an example of such implementation.

I guess providing these ranges is optional, since all tested Windows versions seem to be able to use VMBus devices without them.

Fix this by explicitly terminating the lookup at the ACPI namespace root object.

Note that Linux guests under KVM/QEMU do not use the Hyper-V PV interface by default - they only do so if the KVM PV interface is missing or disabled.

Example stack trace of such oops: [ 3.710827] ? __die+0x1f/0x60 [ 3.715030] ? pagefaultoops+0x159/0x460 [ 3.716008] ? exc_pagefault+0x73/0x170 [ 3.716959] ? asmexcpagefault+0x22/0x30 [ 3.717957] ? acpinslookup+0x7a/0x4b0 [ 3.718898] ? acpinsinternalizename+0x79/0xc0 [ 3.720018] acpinsgetnodeunlocked+0xb5/0xe0 [ 3.721120] ? acpinscheckobjecttype+0xfe/0x200 [ 3.722285] ? acpirsconvertamltoresource+0x37/0x6e0 [ 3.723559] ? downtimeout+0x3a/0x60 [ 3.724455] ? acpinsgetnode+0x3a/0x60 [ 3.725412] acpinsgetnode+0x3a/0x60 [ 3.726335] acpinsevaluate+0x1c3/0x2c0 [ 3.727295] acpiutevaluateobject+0x64/0x1b0 [ 3.728400] acpirsgetmethoddata+0x2b/0x70 [ 3.729476] ? vmbusplatformdriverprobe+0x1d0/0x1d0 [hvvmbus] [ 3.730940] ? vmbusplatformdriverprobe+0x1d0/0x1d0 [hvvmbus] [ 3.732411] acpiwalkresources+0x78/0xd0 [ 3.733398] vmbusplatformdriverprobe+0x9f/0x1d0 [hvvmbus] [ 3.734802] platformprobe+0x3d/0x90 [ 3.735684] reallyprobe+0x19b/0x400 [ 3.736570] ? __deviceattachdriver+0x100/0x100 [ 3.737697] __driverprobedevice+0x78/0x160 [ 3.738746] driverprobedevice+0x1f/0x90 [ 3.739743] __driverattach+0xc2/0x1b0 [ 3.740671] busforeachdev+0x70/0xc0 [ 3.741601] busadddriver+0x10e/0x210 [ 3.742527] driverregister+0x55/0xf0 [ 3.744412] ? 0xffffffffc039a000 [ 3.745207] hvacpiinit+0x3c/0x1000 [hvvmbus]

References

https://nvd.nist.gov/vuln/detail/CVE-2023-53647

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-76413.json"