CVE-2023-53706
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 22/10/2025
Last modified: 22/10/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

mm/vmemmap/devdax: fix kernel crash when probing devdax devices

commit 4917f55b4ef9 ("mm/sparse-vmemmap: improve memory savings for
compound devmaps") added support for using optimized vmemmap for devdax
devices. But how vmemmap mappings are created is architecture specific.
For example, powerpc with hash translation doesn't have vmemmap mappings
in init_mm page table; instead they are bolted table entries in the
hardware page table.

vmemmap_populate_compound_pages() used by vmemmap optimization code is not
aware of these architecture-specific mappings. Hence allow architecture to
opt for this feature. I selected architectures supporting
HUGETLB_PAGE_OPTIMIZE_VMEMMAP option as also supporting this feature.

This patch fixes the below crash on ppc64.

BUG: Unable to handle kernel data access on write at 0xc00c000100400038
Faulting instruction address: 0xc000000001269d90
Oops: Kernel access of bad area, sig: 11 [#1]
LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries
Modules linked in:
CPU: 7 PID: 1 Comm: swapper/0 Not tainted 6.3.0-rc5-150500.34-default+ #2 5c90a668b6bbd142599890245c2fb5de19d7d28a
Hardware name: IBM,9009-42G POWER9 (raw) 0x4e0202 0xf000005 of:IBM,FW950.40 (VL950_099) hv:phyp pSeries
NIP: c000000001269d90 LR: c0000000004c57d4 CTR: 0000000000000000
REGS: c000000003632c30 TRAP: 0300 Not tainted (6.3.0-rc5-150500.34-default+)
MSR: 8000000000009033 CR: 24842228 XER: 00000000
CFAR: c0000000004c57d0 DAR: c00c000100400038 DSISR: 42000000 IRQMASK: 0
....
NIP [c000000001269d90] __init_single_page.isra.74+0x14/0x4c
LR [c0000000004c57d4] __init_zone_device_page+0x44/0xd0
Call Trace:
[c000000003632ed0] [c000000003632f60] 0xc000000003632f60 (unreliable)
[c000000003632f10] [c0000000004c5ca0] memmap_init_zone_device+0x170/0x250
[c000000003632fe0] [c0000000005575f8] memremap_pages+0x2c8/0x7f0
[c0000000036330c0] [c000000000557b5c] devm_memremap_pages+0x3c/0xa0
[c000000003633100] [c000000000d458a8] dev_dax_probe+0x108/0x3e0
[c0000000036331a0] [c000000000d41430] dax_bus_probe+0xb0/0x140
[c0000000036331d0] [c000000000cef27c] really_probe+0x19c/0x520
[c000000003633260] [c000000000cef6b4] __driver_probe_device+0xb4/0x230
[c0000000036332e0] [c000000000cef888] driver_probe_device+0x58/0x120
[c000000003633320] [c000000000cefa6c] __device_attach_driver+0x11c/0x1e0
[c0000000036333a0] [c000000000cebc58] bus_for_each_drv+0xa8/0x130
[c000000003633400] [c000000000ceefcc] __device_attach+0x15c/0x250
[c0000000036334a0] [c000000000ced458] bus_probe_device+0x108/0x110
[c0000000036334f0] [c000000000ce92dc] device_add+0x7fc/0xa10
[c0000000036335b0] [c000000000d447c8] devm_create_dev_dax+0x1d8/0x530
[c000000003633640] [c000000000d46b60] __dax_pmem_probe+0x200/0x270
[c0000000036337b0] [c000000000d46bf0] dax_pmem_probe+0x20/0x70
[c0000000036337d0] [c000000000d2279c] nvdimm_bus_probe+0xac/0x2b0
[c000000003633860] [c000000000cef27c] really_probe+0x19c/0x520
[c0000000036338f0] [c000000000cef6b4] __driver_probe_device+0xb4/0x230
[c000000003633970] [c000000000cef888] driver_probe_device+0x58/0x120
[c0000000036339b0] [c000000000cefd08] __driver_attach+0x1d8/0x240
[c000000003633a30] [c000000000cebb04] bus_for_each_dev+0xb4/0x130
[c000000003633a90] [c000000000cee564] driver_attach+0x34/0x50
[c000000003633ab0] [c000000000ced878] bus_add_driver+0x218/0x300
[c000000003633b40] [c000000000cf1144] driver_register+0xa4/0x1b0
[c000000003633bb0] [c000000000d21a0c] __nd_driver_register+0x5c/0x100
[c000000003633c10] [c00000000206a2e8] dax_pmem_init+0x34/0x48
[c000000003633c30] [c0000000000132d0] do_one_initcall+0x60/0x320
[c000000003633d00] [c0000000020051b0] kernel_init_freeable+0x360/0x400
[c000000003633de0] [c000000000013764] kernel_init+0x34/0x1d0
[c000000003633e50] [c00000000000de14] ret_from_kernel_thread+0x5c/0x64
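
Added example (not part of the advisory or the kernel commit): a log triage helper that splits a ppc64 kernel log into oops records and flags the ones whose call trace passes through dev_dax_probe, memremap_pages and memmap_init_zone_device, as in the trace above. The function names, the choice of required frames and the second sample oops are assumptions made for this illustration.

```python
import re

# Frames that must all appear in one trace to match the crash described on this page.
REQUIRED_FRAMES = {"memmap_init_zone_device", "memremap_pages", "dev_dax_probe"}
OOPS_START = re.compile(r"BUG: Unable to handle kernel data access on (\w+) at (0x[0-9a-f]+)")
MMU = re.compile(r"\bMMU=(\w+)")
NIP = re.compile(r"NIP \[[0-9a-f]+\] ([\w.]+)\+0x")
FRAME = re.compile(r"\[[0-9a-f]+\] \[[0-9a-f]+\] ([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")


def parse_oopses(lines):
    """Split a kernel log into oops records (fault address, MMU, NIP symbol, frames)."""
    oopses, cur = [], None
    for line in lines:
        if (m := OOPS_START.search(line)):
            cur = {"access": m[1], "addr": m[2], "mmu": None, "nip": None, "frames": []}
            oopses.append(cur)
        elif cur is None:
            continue  # text before the first oops header
        elif (m := MMU.search(line)):
            cur["mmu"] = m[1]
        elif (m := NIP.search(line)):
            cur["nip"] = m[1]
        elif (m := FRAME.search(line)):
            cur["frames"].append(m[1])
    return oopses


def matches_devdax_probe_crash(oops):
    """True when a devdax probe faulted while initialising device struct pages."""
    return REQUIRED_FRAMES <= set(oops["frames"])


# First oops: abridged from the trace on this page. Second: constructed non-match.
SAMPLE = """\
BUG: Unable to handle kernel data access on write at 0xc00c000100400038
LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries
NIP [c000000001269d90] __init_single_page.isra.74+0x14/0x4c
[c000000003632f10] [c0000000004c5ca0] memmap_init_zone_device+0x170/0x250
[c000000003632fe0] [c0000000005575f8] memremap_pages+0x2c8/0x7f0
[c000000003633100] [c000000000d458a8] dev_dax_probe+0x108/0x3e0
BUG: Unable to handle kernel data access on read at 0xc000000012340000
LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries
[c000000003700000] [c000000000100200] example_caller+0x20/0x80
"""

if __name__ == "__main__":
    for o in parse_oopses(SAMPLE.splitlines()):
        print(o["addr"], o["mmu"], o["nip"], matches_devdax_probe_crash(o))
```

The regular expressions use search(), so lines that carry a dmesg timestamp or journal prefix parse the same way.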



