DEBIAN-CVE-2023-54293

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2023-54293

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54293.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-54293

Upstream

CVE-2023-54293

Published

2025-12-30T13:16:18.383Z

Modified

2025-12-31T11:20:55.348328Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: bcache: fixup btreecachewait list damage We get a kernel crash about "listadd corruption. next->prev should be prev (ffff9c801bc01210), but was ffff9c77b688237c. (next=ffffae586d8afe68)." crash> struct listhead 0xffff9c801bc01210 struct listhead { next = 0xffffae586d8afe68, prev = 0xffffae586d8afe68 } crash> struct listhead 0xffff9c77b688237c struct listhead { next = 0x0, prev = 0x0 } crash> struct listhead 0xffffae586d8afe68 struct listhead struct: invalid kernel virtual address: ffffae586d8afe68 type: "gdbreadmemcallback" Cannot access memory at address 0xffffae586d8afe68 [230469.019492] Call Trace: [230469.032041] preparetowait+0x8a/0xb0 [230469.044363] ? bchbtreekeysfree+0x6c/0xc0 [escache] [230469.056533] mcacannibalizelock+0x72/0x90 [escache] [230469.068788] mcaalloc+0x2ae/0x450 [escache] [230469.080790] bchbtreenodeget+0x136/0x2d0 [escache] [230469.092681] bchbtreecheckthread+0x1e1/0x260 [escache] [230469.104382] ? finishwait+0x80/0x80 [230469.115884] ? bchbtreecheckrecurse+0x1a0/0x1a0 [escache] [230469.127259] kthread+0x112/0x130 [230469.138448] ? kthreadflushworkfn+0x10/0x10 [230469.149477] retfromfork+0x35/0x40 bchbtreecheckthread() and bchdirtyinitthread() may call mcacannibalize() to cannibalize other cached btree nodes. Only one thread can do it at a time, so the op of other threads will be added to the btreecachewait list. We must call finishwait() to remove op from btreecachewait before free it's memory address. Otherwise, the list will be damaged. Also should call bchcannibalizeunlock() to release the btreecachealloclock and wakeup other waiters.

References

https://security-tracker.debian.org/tracker/CVE-2023-54293

Affected packages

Debian:11 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.10.191-1

Affected versions

5.*

5.10.46-4

5.10.46-5

5.10.70-1~bpo10+1

5.10.70-1

5.10.84-1

5.10.92-1~bpo10+1

5.10.92-1

5.10.92-2

5.10.103-1~bpo10+1

5.10.103-1

5.10.106-1

5.10.113-1

5.10.120-1~bpo10+1

5.10.120-1

5.10.127-1

5.10.127-2~bpo10+1

5.10.127-2

5.10.136-1

5.10.140-1

5.10.148-1

5.10.149-1

5.10.149-2

5.10.158-1

5.10.158-2

5.10.162-1

5.10.178-1

5.10.178-2

5.10.178-3

5.10.179-1

5.10.179-2

5.10.179-3

5.10.179-4

5.10.179-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54293.json"

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.52-1

Affected versions

6.*

6.1.27-1

6.1.37-1

6.1.38-1

6.1.38-2~bpo11+1

6.1.38-2

6.1.38-3

6.1.38-4~bpo11+1

6.1.38-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54293.json"

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.4.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54293.json"

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.4.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54293.json"