Home

Description

In the Linux kernel, the following vulnerability has been resolved: vfio: Fix NULL pointer dereference caused by uninitialized group->iommufd group->iommufd is not initialized for the iommufd_ctx_put() [20018.331541] BUG: kernel NULL pointer dereference, address: 0000000000000000 [20018.377508] RIP: 0010:iommufd_ctx_put+0x5/0x10 [iommufd] ... [20018.476483] Call Trace: [20018.479214] <TASK> [20018.481555] vfio_group_fops_unl_ioctl+0x506/0x690 [vfio] [20018.487586] __x64_sys_ioctl+0x6a/0xb0 [20018.491773] ? trace_hardirqs_on+0xc5/0xe0 [20018.496347] do_syscall_64+0x67/0x90 [20018.500340] entry_SYSCALL_64_after_hwframe+0x4b/0xb5

PUBLISHED Reserved 2025-12-30 | Published 2025-12-30 | Updated 2025-12-30 | Assigner Linux

Product status

Default status
unaffected

9eefba8002c27d65ab52a533fd0611b099b73591 (git) before 8f24eef598ce7cce0bbefe0ec642bcc031d0f528
affected

9eefba8002c27d65ab52a533fd0611b099b73591 (git) before d649c34cb916b015fdcb487e51409fcc5caeca8d
affected

Default status
affected

6.2
affected

Any version before 6.2
unaffected

6.2.3 (semver)
unaffected

6.3 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/8f24eef598ce7cce0bbefe0ec642bcc031d0f528

git.kernel.org/...c/d649c34cb916b015fdcb487e51409fcc5caeca8d

cve.org (CVE-2023-54174)

nvd.nist.gov (CVE-2023-54174)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.