PT-2025-53058 · Linux · Linux Kernel

Published: 2023-07-27 · Updated: 2026-03-24 · CVE-2023-54060

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.5.0-rc1-dirty #1236

Description

A flaw exists in the Linux kernel's iommufd subsystem in the handling of batch carry operations. The end variable was not set correctly, leading to a potential kernel NULL pointer dereference. The issue could be triggered during the destruction of an IOMMU domain, as observed in the iommufd_ioas.mock_domain.access_domain_destory test. The root cause is an incorrect calculation within the batch_unpin function, which impacts the iopt_area_unfill_domain and iopt_table_remove_domain functions. The issue resulted in a kernel oops, specifically "BUG: kernel NULL pointer dereference".

Recommendations

Update to Linux kernel version 6.5.0-rc1-dirty #1236 or a later version that includes the fix.

Exploit

Fix

Weakness Enumeration

Improper Resource Release
NULL Pointer Dereference

Related Identifiers

BDU:2026-01247
CVE-2023-54060
RHSA-2024:2394
SUSE-SU-2026:0278-1
SUSE-SU-2026:0281-1
SUSE-SU-2026:0293-1
SUSE-SU-2026:0315-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1

Affected Products

Linux Kernel