CVE-2023-54043 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-54043 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: iommufd: Do not add the same hwpt to the ioas->hwpt_list twice The hwpt is added to the hwpt_list only during its creation, it is never added again. This hunk is some missed leftover from rework. Adding it twice will corrupt the linked list in some cases. It effects HWPT specific attachment, which is something the test suite cannot cover until we can create a legitimate struct device with a non-system iommu "driver" (ie we need the bus removed from the iommu code)

EPSS 0.03% · 7.6th percentile

Risk Scores

EPSS Score

0.03%

7.6th percentile

Affected Products

Vendor	Product	Versions
Linux	Linux	e8d57210035b6377d424ba964961892d01127cf6, e8d57210035b6377d424ba964961892d01127cf6, 6.2
linux	linux_kernel	6.2, 6.2

Timeline

Dec 24, 2025 CVE Published
Dec 24, 2025 CVE Updated
Dec 25, 2025 EPSS Score
Dec 28, 2025 EPSS Score
Dec 31, 2025 EPSS Score
Jan 3, 2026 EPSS Score
Jan 6, 2026 EPSS Score
Jan 10, 2026 EPSS Score
Jan 13, 2026 EPSS Score
Jan 16, 2026 EPSS Score
Jan 19, 2026 EPSS Score
Jan 22, 2026 EPSS Score

References

Open in Interactive Console →