Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2023-53319

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/09/2025
Last modified:
14/01/2026

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> KVM: arm64: Handle kvm_arm_init failure correctly in finalize_pkvm<br /> <br /> Currently there is no synchronisation between finalize_pkvm() and<br /> kvm_arm_init() initcalls. The finalize_pkvm() proceeds happily even if<br /> kvm_arm_init() fails resulting in the following warning on all the CPUs<br /> and eventually a HYP panic:<br /> <br /> | kvm [1]: IPA Size Limit: 48 bits<br /> | kvm [1]: Failed to init hyp memory protection<br /> | kvm [1]: error initializing Hyp mode: -22<br /> |<br /> | <br /> |<br /> | WARNING: CPU: 0 PID: 0 at arch/arm64/kvm/pkvm.c:226 _kvm_host_prot_finalize+0x30/0x50<br /> | Modules linked in:<br /> | CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.4.0 #237<br /> | Hardware name: FVP Base RevC (DT)<br /> | pstate: 634020c5 (nZCv daIF +PAN -UAO +TCO +DIT -SSBS BTYPE=--)<br /> | pc : _kvm_host_prot_finalize+0x30/0x50<br /> | lr : __flush_smp_call_function_queue+0xd8/0x230<br /> |<br /> | Call trace:<br /> | _kvm_host_prot_finalize+0x3c/0x50<br /> | on_each_cpu_cond_mask+0x3c/0x6c<br /> | pkvm_drop_host_privileges+0x4c/0x78<br /> | finalize_pkvm+0x3c/0x5c<br /> | do_one_initcall+0xcc/0x240<br /> | do_initcall_level+0x8c/0xac<br /> | do_initcalls+0x54/0x94<br /> | do_basic_setup+0x1c/0x28<br /> | kernel_init_freeable+0x100/0x16c<br /> | kernel_init+0x20/0x1a0<br /> | ret_from_fork+0x10/0x20<br /> | Failed to finalize Hyp protection: -22<br /> | dtb=fvp-base-revc.dtb<br /> | kvm [95]: nVHE hyp BUG at: arch/arm64/kvm/hyp/nvhe/mem_protect.c:540!<br /> | kvm [95]: nVHE call trace:<br /> | kvm [95]: [] __kvm_nvhe_hyp_panic+0xac/0xf8<br /> | kvm [95]: [] __kvm_nvhe_handle_host_mem_abort+0x1a0/0x2ac<br /> | kvm [95]: [] __kvm_nvhe_handle_trap+0x4c/0x160<br /> | kvm [95]: [] __kvm_nvhe___skip_pauth_save+0x4/0x4<br /> | kvm [95]: ---[ end nVHE call trace ]---<br /> | kvm [95]: Hyp Offset: 0xfffe8db00ffa0000<br /> | Kernel panic - not syncing: HYP panic:<br /> | PS:a34023c9 PC:0000f250710b973c ESR:00000000f2000800<br /> | FAR:ffff000800cb00d0 HPFAR:000000000880cb00 PAR:0000000000000000<br /> | VCPU:0000000000000000<br /> | CPU: 3 PID: 95 Comm: kworker/u16:2 Tainted: G W 6.4.0 #237<br /> | Hardware name: FVP Base RevC (DT)<br /> | Workqueue: rpciod rpc_async_schedule<br /> | Call trace:<br /> | dump_backtrace+0xec/0x108<br /> | show_stack+0x18/0x2c<br /> | dump_stack_lvl+0x50/0x68<br /> | dump_stack+0x18/0x24<br /> | panic+0x138/0x33c<br /> | nvhe_hyp_panic_handler+0x100/0x184<br /> | new_slab+0x23c/0x54c<br /> | ___slab_alloc+0x3e4/0x770<br /> | kmem_cache_alloc_node+0x1f0/0x278<br /> | __alloc_skb+0xdc/0x294<br /> | tcp_stream_alloc_skb+0x2c/0xf0<br /> | tcp_sendmsg_locked+0x3d0/0xda4<br /> | tcp_sendmsg+0x38/0x5c<br /> | inet_sendmsg+0x44/0x60<br /> | sock_sendmsg+0x1c/0x34<br /> | xprt_sock_sendmsg+0xdc/0x274<br /> | xs_tcp_send_request+0x1ac/0x28c<br /> | xprt_transmit+0xcc/0x300<br /> | call_transmit+0x78/0x90<br /> | __rpc_execute+0x114/0x3d8<br /> | rpc_async_schedule+0x28/0x48<br /> | process_one_work+0x1d8/0x314<br /> | worker_thread+0x248/0x474<br /> | kthread+0xfc/0x184<br /> | ret_from_fork+0x10/0x20<br /> | SMP: stopping secondary CPUs<br /> | Kernel Offset: 0x57c5cb460000 from 0xffff800080000000<br /> | PHYS_OFFSET: 0x80000000<br /> | CPU features: 0x00000000,1035b7a3,ccfe773f<br /> | Memory Limit: none<br /> | ---[ end Kernel panic - not syncing: HYP panic:<br /> | PS:a34023c9 PC:0000f250710b973c ESR:00000000f2000800<br /> | FAR:ffff000800cb00d0 HPFAR:000000000880cb00 PAR:0000000000000000<br /> | VCPU:0000000000000000 ]---<br /> <br /> Fix it by checking for the successfull initialisation of kvm_arm_init()<br /> in finalize_pkvm() before proceeding any futher.

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.4 (including) 6.4.8 (excluding)
cpe:2.3:o:linux:linux_kernel:6.5:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.5:rc2:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools