VDB

CVE-2023-54043

CVE-2023-54043 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: iommufd: Do not add the same hwpt to the ioas->hwpt_list twice The hwpt is added to the hwpt_list only during its creation, it is never added again. This hunk is some missed leftover from rework. Adding it twice will corrupt the linked list in some cases. It effects HWPT specific attachment, which is something the test suite cannot cover until we can create a legitimate struct device with a non-system iommu "driver" (ie we need the bus removed from the iommu code)

EPSS 0.03% · 7.9th percentile

Risk Scores

EPSS Score
0.03%
7.9th percentile

Affected Products

VendorProductVersions
LinuxLinux*, 6.2.3, 6.3
linuxlinux_kernel6.2, 6.2

Exploit Intelligence

Timeline

  • Dec 24, 2025 CVE Published
  • Dec 24, 2025 CVE Updated
  • Dec 25, 2025 EPSS Score
  • Dec 29, 2025 EPSS Score
  • Jan 1, 2026 EPSS Score
  • Jan 5, 2026 EPSS Score
  • Jan 9, 2026 EPSS Score
  • Jan 12, 2026 EPSS Score
  • Jan 16, 2026 EPSS Score
  • Jan 20, 2026 EPSS Score
  • Jan 23, 2026 EPSS Score
  • Jan 27, 2026 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›