PT-2025-53214 · Linux · Linux Kernel

Published

2023-08-16

Updated

2026-03-24

CVE-2023-54137

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains an information leak in the vfio/type1 subsystem. A hole in the vfio iommu type1 info cap migration structure is not initialized, potentially exposing data to userspace via the VFIO IOMMU GET INFO ioctl call. The issue stems from the vfio iommu migration build caps function filling the structure without initializing the hole, and subsequent copying of the structure to userspace. The memcpy function in vfio info add capability copies the structure, including the uninitialized hole.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BDU:2026-01209

CVE-2023-54137

RHSA-2024:2394

SUSE-SU-2026:0278-1

SUSE-SU-2026:0281-1

SUSE-SU-2026:0293-1

SUSE-SU-2026:0315-1

SUSE-SU-2026:20477-1

SUSE-SU-2026:20498-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

Affected Products

Linux Kernel

PT-2025-53214 · Linux · Linux Kernel

CVE-2023-54137

Weakness Enumeration

Related Identifiers

Affected Products

References · 1467