CVE-2023-54237

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-54237
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-54237.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-54237
Downstream
Published
2025-12-30T12:11:27.028Z
Modified
2026-03-20T12:33:30.873178Z
Summary
net/smc: fix potential panic dues to unprotected smc_llc_srv_add_link()
Details

In the Linux kernel, the following vulnerability has been resolved:

net/smc: fix potential panic dues to unprotected smcllcsrvaddlink()

There is a certain chance to trigger the following panic:

PID: 5900 TASK: ffff88c1c8af4100 CPU: 1 COMMAND: "kworker/1:48" #0 [ffff9456c1cc79a0] machine_kexec at ffffffff870665b7 #1 [ffff9456c1cc79f0] __crashkexec at ffffffff871b4c7a #2 [ffff9456c1cc7ab0] crashkexec at ffffffff871b5b60 #3 [ffff9456c1cc7ac0] oopsend at ffffffff87026ce7 #4 [ffff9456c1cc7ae0] pagefaultoops at ffffffff87075715 #5 [ffff9456c1cc7b58] excpagefault at ffffffff87ad0654 #6 [ffff9456c1cc7b80] asmexcpagefault at ffffffff87c00b62 [exception RIP: iballocmr+19] RIP: ffffffffc0c9cce3 RSP: ffff9456c1cc7c38 RFLAGS: 00010202 RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000004 RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffff88c1ea281d00 R8: 000000020a34ffff R9: ffff88c1350bbb20 R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 R13: 0000000000000010 R14: ffff88c1ab040a50 R15: ffff88c1ea281d00 ORIGRAX: ffffffffffffffff CS: 0010 SS: 0018 #7 [ffff9456c1cc7c60] smcibgetmemoryregion at ffffffffc0aff6df [smc] #8 [ffff9456c1cc7c88] smcrbufmaplink at ffffffffc0b0278c [smc] #9 [ffff9456c1cc7ce0] __smcbufcreate at ffffffffc0b03586 [smc]

The reason here is that when the server tries to create a second link, smcllcsrvaddlink() has no protection and may add a new link to link group. This breaks the security environment protected by llcconfmutex.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54237.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
2d2209f2018943d4152a21eff5b76f1952e0b435
Fixed
f2f46de98c11d41ac8d22765f47ba54ce5480a5b
Fixed
0c764cc271d3aa6528ae1b3394babf34ac01f775
Fixed
e40b801b3603a8f90b46acbacdea3505c27f01c0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-54237.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.8.0
Fixed
6.1.16
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.2.3

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-54237.json"