CVE-2023-54174 — Vulnetix

CVE-2023-54174 PUBLISHED

Reported by Linux · Published December 30, 2025

In the Linux kernel, the following vulnerability has been resolved: vfio: Fix NULL pointer dereference caused by uninitialized group->iommufd group->iommufd is not initialized for the iommufd_ctx_put() [20018.331541] BUG: kernel NULL pointer dereference, address: 0000000000000000 [20018.377508] RIP: 0010:iommufd_ctx_put+0x5/0x10 [iommufd] ... [20018.476483] Call Trace: [20018.479214] <TASK> [20018.481555] vfio_group_fops_unl_ioctl+0x506/0x690 [vfio] [20018.487586] __x64_sys_ioctl+0x6a/0xb0 [20018.491773] ? trace_hardirqs_on+0xc5/0xe0 [20018.496347] do_syscall_64+0x67/0x90 [20018.500340] entry_SYSCALL_64_after_hwframe+0x4b/0xb5

EPSS 0.03% · 7.6th percentile

Risk Scores

EPSS Score

0.03%

7.6th percentile

Affected Products

Vendor	Product	Versions
Linux	Linux	9eefba8002c27d65ab52a533fd0611b099b73591, 9eefba8002c27d65ab52a533fd0611b099b73591
Linux	Linux	6.2, 0, 6.2.3
Linux	Linux	9eefba8002c27d65ab52a533fd0611b099b73591, 9eefba8002c27d65ab52a533fd0611b099b73591, 6.2
linux	linux_kernel	6.2, 6.2, 6.2

Timeline

Dec 30, 2025 CVE Published
Dec 31, 2025 EPSS Score
Jan 3, 2026 EPSS Score
Jan 6, 2026 EPSS Score
Jan 9, 2026 EPSS Score
Jan 12, 2026 EPSS Score
Jan 14, 2026 EPSS Score
Jan 17, 2026 EPSS Score
Jan 20, 2026 EPSS Score
Jan 23, 2026 EPSS Score
Jan 26, 2026 EPSS Score
Jan 29, 2026 EPSS Score

References

Open in Interactive Console →