CVE-2023-53789
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-09

Last updated on: 2025-12-09

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Improve page fault error reporting If IOMMU domain for device group is not setup properly then we may hit IOMMU page fault. Current page fault handler assumes that domain is always setup and it will hit NULL pointer derefence (see below sample log). Lets check whether domain is setup or not and log appropriate message. Sample log: ---------- amdgpu 0000:00:01.0: amdgpu: SE 1, SH per SE 1, CU per SH 8, active_cu_number 6 BUG: kernel NULL pointer dereference, address: 0000000000000058 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 2 PID: 56 Comm: irq/24-AMD-Vi Not tainted 6.2.0-rc2+ #89 Hardware name: xxx RIP: 0010:report_iommu_fault+0x11/0x90 [...] Call Trace: <TASK> amd_iommu_int_thread+0x60c/0x760 ? __pfx_irq_thread_fn+0x10/0x10 irq_thread_fn+0x1f/0x60 irq_thread+0xea/0x1a0 ? preempt_count_add+0x6a/0xa0 ? __pfx_irq_thread_dtor+0x10/0x10 ? __pfx_irq_thread+0x10/0x10 kthread+0xe9/0x110 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2c/0x50 </TASK> [joro: Edit commit message]
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-09
Last Modified
2025-12-09
Generated
2026-05-07
AI Q&A
2025-12-09
EPSS Evaluated
2026-05-05
NVD
CVE-2023-53789
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's AMD IOMMU (Input-Output Memory Management Unit) driver. If the IOMMU domain for a device group is not properly set up, the kernel's page fault handler assumes the domain is always set up and attempts to access it, leading to a NULL pointer dereference. This causes a kernel crash or 'oops' due to an invalid memory access when handling IOMMU page faults.


How can this vulnerability impact me? :

The vulnerability can cause the Linux kernel to crash or become unstable due to a NULL pointer dereference when an IOMMU page fault occurs and the domain is not properly set up. This can lead to system instability, potential denial of service, and interruption of device operations relying on the IOMMU.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring the system logs for kernel NULL pointer dereference errors related to IOMMU page faults. Specifically, look for log entries similar to the sample provided, which include messages like 'BUG: kernel NULL pointer dereference' and references to 'report_iommu_fault'. Commands such as 'dmesg | grep -i iommu' or 'journalctl -k | grep -i iommu' can help identify these errors in kernel logs.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves ensuring that the IOMMU domain for the device group is properly set up to prevent page faults that lead to NULL pointer dereferences. Applying the relevant Linux kernel updates or patches that improve page fault error reporting and check domain setup is recommended. Until patched, monitoring logs for the described errors and avoiding configurations that might cause improper IOMMU domain setup can help reduce risk.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart