CVE-2023-53647

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel’s VMBus client driver has an issue where it attempts to access resources of the ACPI namespace root object, which has an all-ones handle. This can lead to a NULL pointer dereference in the ACPI code, resulting in an oops on boot for VMBus host implementations that do not provide Hyper-V MMIO ranges in their VMBus ACPI device or its ancestors. The QEMU VMBus implementation is an example of such an implementation. The issue occurs when the driver walks the ACPI namespace up from the VMBus ACPI device to the ACPI namespace root object, attempting to find Hyper-V MMIO ranges. If these ranges are not found, the driver attempts to access resources of the root object itself, causing the dereference error.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.