PT-2025-54068 · Linux+1 · Linux Kernel+1

Published: 2023-04-04 · Updated: 2026-01-01 · CVE-2023-54239

CVSS v2.0: 3.5 (Low)

Vector: AV:L/AC:H/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.3.0-rc2-eeac8ede1755+

Description

The Linux kernel contained a flaw within the iommufd subsystem related to an improper check for user pointer overflows. Syzkaller testing revealed that creating a map with a user virtual address (VA) that wraps past zero could trigger warnings and issues with page pinning due to invalid arguments. This could potentially lead to unexpected behavior or system instability. The issue stemmed from a lack of proper validation when creating pages with a user pointer and size that could result in a mathematical overflow. The vulnerable code is located in the pfn reader user pin function.

Recommendations

Update to a version newer than 6.3.0-rc2-eeac8ede1755+ to address this issue.
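The class of check the description refers to, as an added userspace illustration that is not the kernel's code or the upstream patch: a range given as user pointer plus length is validated before any page indexes are derived from it. The function names, the 4096-byte page size and the choice of error codes are assumptions made for this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EX_PAGE_SIZE 4096UL /* assumed page size for this example */

/* Hypothetical "before": trusts uptr + length, so the end may wrap past zero. */
static int map_range_unchecked(uintptr_t uptr, size_t length,
                               uintptr_t *first_page, uintptr_t *last_page)
{
    uintptr_t end = uptr + length; /* unsigned wraparound is silent */

    *first_page = uptr / EX_PAGE_SIZE;
    *last_page = (end - 1) / EX_PAGE_SIZE;
    return 0;
}

/* Hardened form: reject empty or oversized lengths and any wrapping range. */
static int map_range_checked(uintptr_t uptr, size_t length,
                             uintptr_t *first_page, uintptr_t *last_page)
{
    uintptr_t end;

    if (length == 0 || length > SIZE_MAX - EX_PAGE_SIZE)
        return -EINVAL;
    if (__builtin_add_overflow(uptr, (uintptr_t)length, &end))
        return -EOVERFLOW; /* uptr + length does not fit in the address space */

    *first_page = uptr / EX_PAGE_SIZE;
    *last_page = (end - 1) / EX_PAGE_SIZE;
    return 0;
}

int main(void)
{
    /* Constructed input: starts on the last page of the address space, spans two pages. */
    uintptr_t uptr = UINTPTR_MAX - 0xFFF, first = 0, last = 0;
    size_t length = 0x2000;

    map_range_unchecked(uptr, length, &first, &last);
    printf("unchecked: first=%#lx last=%#lx (last < first: %d)\n",
           (unsigned long)first, (unsigned long)last, last < first);
    printf("checked:   rc=%d\n", map_range_checked(uptr, length, &first, &last));
    return 0;
}
```

With the unchecked variant the last page index comes out lower than the first, which is the kind of invalid argument a later page-pinning step would be handed.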

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2026-01315
CVE-2023-54239
RHSA-2023:6583

Affected Products

Linux Kernel
Red Hat