CVE-2023-54117
Unknown Unknown - Not Provided
Use-After-Free in Linux s390 dcssblk Driver Causes Kernel Crash

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: s390/dcssblk: fix kernel crash with list_add corruption Commit fb08a1908cb1 ("dax: simplify the dax_device <-> gendisk association") introduced new logic for gendisk association, requiring drivers to explicitly call dax_add_host() and dax_remove_host(). For dcssblk driver, some dax_remove_host() calls were missing, e.g. in device remove path. The commit also broke error handling for out_dax case in device add path, resulting in an extra put_device() w/o the previous get_device() in that case. This lead to stale xarray entries after device add / remove cycles. In the case when a previously used struct gendisk pointer (xarray index) would be used again, because blk_alloc_disk() happened to return such a pointer, the xa_insert() in dax_add_host() would fail and go to out_dax, doing the extra put_device() in the error path. In combination with an already flawed error handling in dcssblk (device_register() cleanup), which needs to be addressed in a separate patch, this resulted in a missing device_del() / klist_del(), and eventually in the kernel crash with list_add corruption on a subsequent device_add() / klist_add(). Fix this by adding the missing dax_remove_host() calls, and also move the put_device() in the error path to restore the previous logic.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-05-07
AI Q&A
2025-12-24
EPSS Evaluated
2026-05-05
NVD
CVE-2023-54117
EUVD
EUVD-2023-60328
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?

Apply the patch that fixes the missing dax_remove_host() calls and restores the previous put_device() logic in the error path for the dcssblk driver in the Linux kernel. This patch addresses the kernel crash caused by list_add corruption during device add/remove cycles.


Can you explain this vulnerability to me?

This vulnerability is a kernel crash issue in the Linux s390 dcssblk driver caused by missing calls to dax_remove_host() during device removal and flawed error handling in device addition. This leads to stale xarray entries and improper device cleanup, which eventually causes list_add corruption and a kernel crash during device add/remove cycles.


How can this vulnerability impact me? :

The vulnerability can cause the Linux kernel to crash due to list_add corruption when devices are added or removed repeatedly. This can lead to system instability or downtime on affected systems using the s390 dcssblk driver.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart