CVE-2023-52506

Name of the Vulnerable Software and Affected Versions Linux kernel versions 6.5.0 and earlier

Description The Linux kernel has a vulnerability that can cause a panic when DEFERRED STRUCT PAGE INIT is enabled. This occurs after a specific commit, where the node ID is set to MAX NUMNODES, resulting in a NULL dereference in the call chain reserve bootmem region() -> init reserved page(). The issue arises from early memblock reserve() in memblock init() and can be avoided by setting all reserved memblocks on Node#0 at initialization.

Recommendations For Linux kernel version 6.5.0 and earlier, update to a newer version that includes the fix for this vulnerability. If updating is not possible, consider applying a patch that sets all reserved memblocks on Node#0 at initialization to avoid the panic.