2395397 – (CVE-2023-53259) CVE-2023-53259 kernel: Linux kernel VMCI: Denial of Service via GPF

Bug 2395397 (CVE-2023-53259) - CVE-2023-53259 kernel: Linux kernel VMCI: Denial of Service via GPF

Summary: CVE-2023-53259 kernel: Linux kernel VMCI: Denial of Service via GPF

Keywords:
Status:	NEW
Alias:	CVE-2023-53259
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-09-15 15:11 UTC by OSIDB Bzimport
Modified:	2025-11-14 14:26 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-09-15 15:11:38 UTC

In the Linux kernel, the following vulnerability has been resolved:

VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF

The call to get_user_pages_fast() in vmci_host_setup_notify() can return
NULL context->notify_page causing a GPF. To avoid GPF check if
context->notify_page == NULL and return error if so.

general protection fault, probably for non-canonical address
    0xe0009d1000000060: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: maybe wild-memory-access in range [0x0005088000000300-
    0x0005088000000307]
CPU: 2 PID: 26180 Comm: repro_34802241 Not tainted 6.1.0-rc4 #1
Hardware name: Red Hat KVM, BIOS 1.15.0-2.module+el8.6.0 04/01/2014
RIP: 0010:vmci_ctx_check_signal_notify+0x91/0xe0
Call Trace:
 <TASK>
 vmci_host_unlocked_ioctl+0x362/0x1f40
 __x64_sys_ioctl+0x1a1/0x230
 do_syscall_64+0x3a/0x90
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Comment 1 Jon Moroney 2025-09-15 18:11:30 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025091503-CVE-2023-53259-5409@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.