CVE-2023-54174
Reported by Linux · Published December 30, 2025
In the Linux kernel, the following vulnerability has been resolved: vfio: Fix NULL pointer dereference caused by uninitialized group->iommufd group->iommufd is not initialized for the iommufd_ctx_put() [20018.331541] BUG: kernel NULL pointer dereference, address: 0000000000000000 [20018.377508] RIP: 0010:iommufd_ctx_put+0x5/0x10 [iommufd] ... [20018.476483] Call Trace: [20018.479214] <TASK> [20018.481555] vfio_group_fops_unl_ioctl+0x506/0x690 [vfio] [20018.487586] __x64_sys_ioctl+0x6a/0xb0 [20018.491773] ? trace_hardirqs_on+0xc5/0xe0 [20018.496347] do_syscall_64+0x67/0x90 [20018.500340] entry_SYSCALL_64_after_hwframe+0x4b/0xb5
EPSS 0.02% · 6.5th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | 9eefba8002c27d65ab52a533fd0611b099b73591, 9eefba8002c27d65ab52a533fd0611b099b73591 |
| Linux | Linux | 6.2, 0, 6.2.3 |
| Linux | Linux | 6.2.3, 9eefba8002c27d65ab52a533fd0611b099b73591, 6.2 |
| linux | linux_kernel | 6.2, 6.2, 6.2 |
Timeline
- Dec 30, 2025 CVE Published
- Dec 31, 2025 EPSS Score
- Jan 3, 2026 EPSS Score
- Jan 7, 2026 EPSS Score
- Jan 10, 2026 EPSS Score
- Jan 14, 2026 EPSS Score
- Jan 17, 2026 EPSS Score
- Jan 21, 2026 EPSS Score
- Jan 24, 2026 EPSS Score
- Jan 28, 2026 EPSS Score
- Jan 31, 2026 EPSS Score
- Feb 3, 2026 EPSS Score