CVE-2023-54098
- Source
- https://cve.org/CVERecord?id=CVE-2023-54098
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-54098.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-54098
- Downstream
- Published
- 2025-12-24T13:06:25.197Z
- Modified
- 2025-12-29T11:18:31.728314Z
- Summary
- drm/i915/gvt: fix gvt debugfs destroy
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/gvt: fix gvt debugfs destroy
When gvt debug fs is destroyed, need to have a sane check if drm minor's debugfs root is still available or not, otherwise in case like device remove through unbinding, drm minor's debugfs directory has already been removed, then intelgvtdebugfs_clean() would act upon dangling pointer like below oops.
i915 0000:00:02.0: Direct firmware load for i915/gvt/vid0x8086did0x1926rid0x0a.goldenhwstate failed with error -2 i915 0000:00:02.0: MDEV: Registered Console: switching to colour dummy device 80x25 i915 0000:00:02.0: MDEV: Unregistering BUG: kernel NULL pointer dereference, address: 00000000000000a0 PGD 0 P4D 0 Oops: 0002 [#1] PREEMPT SMP PTI CPU: 2 PID: 2486 Comm: gfx-unbind.sh Tainted: G I 6.1.0-rc8+ #15 Hardware name: Dell Inc. XPS 13 9350/0JXC1H, BIOS 1.13.0 02/10/2020 RIP: 0010:downwrite+0x1f/0x90 Code: 1d ff ff 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 53 48 89 fb e8 62 c0 ff ff bf 01 00 00 00 e8 28 5e 31 ff 31 c0 ba 01 00 00 00 <f0> 48 0f b1 13 75 33 65 48 8b 04 25 c0 bd 01 00 48 89 43 08 bf 01 RSP: 0018:ffff9eb3036ffcc8 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 00000000000000a0 RCX: ffffff8100000000 RDX: 0000000000000001 RSI: 0000000000000064 RDI: ffffffffa48787a8 RBP: ffff9eb3036ffd30 R08: ffffeb1fc45a0608 R09: ffffeb1fc45a05c0 R10: 0000000000000002 R11: 0000000000000000 R12: 0000000000000000 R13: ffff91acc33fa328 R14: ffff91acc033f080 R15: ffff91acced533e0 FS: 00007f6947bba740(0000) GS:ffff91ae36d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000a0 CR3: 00000001133a2002 CR4: 00000000003706e0 Call Trace: <TASK> simplerecursiveremoval+0x9f/0x2a0 ? startcreating.part.0+0x120/0x120 ? _rawspinlock+0x13/0x40 debugfsremove+0x40/0x60 intelgvtdebugfsclean+0x15/0x30 [kvmgt] intelgvtcleandevice+0x49/0xe0 [kvmgt] intelgvtdriverremove+0x2f/0xb0 i915driverremove+0xa4/0xf0 i915pciremove+0x1a/0x30 pcideviceremove+0x33/0xa0 devicereleasedriverinternal+0x1b2/0x230 unbindstore+0xe0/0x110 kernfsfopwriteiter+0x11b/0x1f0 vfswrite+0x203/0x3d0 ksyswrite+0x63/0xe0 dosyscall64+0x37/0x90 entrySYSCALL64afterhwframe+0x63/0xcd RIP: 0033:0x7f6947cb5190 Code: 40 00 48 8b 15 71 9c 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d 51 24 0e 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89 RSP: 002b:00007ffcbac45a28 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 000000000000000d RCX: 00007f6947cb5190 RDX: 000000000000000d RSI: 0000555e35c866a0 RDI: 0000000000000001 RBP: 0000555e35c866a0 R08: 0000000000000002 R09: 0000555e358cb97c R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001 R13: 000000000000000d R14: 0000000000000000 R15: 0000555e358cb8e0 </TASK> Modules linked in: kvmgt CR2: 00000000000000a0 ---[ end trace 0000000000000000 ]---
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54098.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/ae9a61511736cc71a99f01e8b7b90f6fb6128ed8
- https://git.kernel.org/stable/c/b85c8536fda3d1ed07c6d87a661ffe18d6eb214b
- https://git.kernel.org/stable/c/bb7c7b2c89d2feb347b6f9bffc1c75987adb1048
- https://git.kernel.org/stable/c/c4b850d1f448a901fbf4f7f36dec38c84009b489
- https://git.kernel.org/stable/c/fe340500baf84b6531c9fc508b167525b9bf6446
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54098.json
- https://nvd.nist.gov/vuln/detail/CVE-2023-54098
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedbc7b0be316aebac42eb9e8e54c984609555944daFixedbb7c7b2c89d2feb347b6f9bffc1c75987adb1048Fixedae9a61511736cc71a99f01e8b7b90f6fb6128ed8Fixedb85c8536fda3d1ed07c6d87a661ffe18d6eb214bFixedfe340500baf84b6531c9fc508b167525b9bf6446Fixedc4b850d1f448a901fbf4f7f36dec38c84009b489