CVE-2023-54225
Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-12-30

Last updated on: 2025-12-31

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

net: ipa: only reset hashed tables when supported

Last year, the code that manages GSI channel transactions switched from using spinlock-protected linked lists to using indexes into the ring buffer used for a channel.

Recently, Google reported seeing transaction reference count underflows occasionally during shutdown. Doug Anderson found a way to reproduce the issue reliably, and bisected the issue to the commit that eliminated the linked lists and the lock.

The root cause was ultimately determined to be related to unused transactions being committed as part of the modem shutdown cleanup activity. Unused transactions are not normally expected (except in error cases).

The modem uses some ranges of IPA-resident memory, and whenever it shuts down we zero those ranges. In ipa_filter_reset_table() a transaction is allocated to zero modem filter table entries. If hashing is not supported, hashed table memory should not be zeroed. But currently nothing prevents that, and the result is an unused transaction. Something similar occurs when we zero routing table entries for the modem.

By preventing any attempt to clear hashed tables when hashing is not supported, the reference count underflow is avoided in this case.

Note that there likely remains an issue with properly freeing unused transactions (if they occur due to errors). This patch addresses only the underflows that Google originally reported.

Meta Information
Published: 2025-12-30
Last Modified: 2025-12-31
Generated: 2026-05-06
AI Q&A: 2025-12-30
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Currently, no data is known.
CWE ID Description
CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves the Linux kernel's handling of GSI channel transactions in the IPA (IP Accelerator) component. A change replaced spinlock-protected linked lists with ring buffer indexes for managing transactions. This led to occasional transaction reference count underflows during modem shutdown, caused by unused transactions being committed when they should not be. Specifically, when hashing is not supported, hashed table memory should not be zeroed, but the code did not prevent this, resulting in unused transactions and reference count underflows. The fix prevents clearing hashed tables when hashing is unsupported, avoiding these underflows.


How can this vulnerability impact me?

The vulnerability can cause transaction reference count underflows during modem shutdown in the Linux kernel's IPA component. This may lead to improper handling of modem shutdown cleanup, potentially causing system instability or unexpected behavior related to memory management in the IPA subsystem. However, the description does not specify direct security impacts such as data leakage or privilege escalation.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability is resolved by preventing attempts to clear hashed tables when hashing is not supported, which avoids reference count underflows. Immediate mitigation would involve updating the Linux kernel to a version that includes this fix. There are no other specific mitigation steps or workarounds described.

