CVE-2023-54267
Unknown Unknown - Not Provided
Preemption Bug in Linux powerpc lppaca Shared Proc Access

Publication date: 2025-12-30

Last updated on: 2025-12-30

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Rework lppaca_shared_proc() to avoid DEBUG_PREEMPT lppaca_shared_proc() takes a pointer to the lppaca which is typically accessed through get_lppaca(). With DEBUG_PREEMPT enabled, this leads to checking if preemption is enabled, for example: BUG: using smp_processor_id() in preemptible [00000000] code: grep/10693 caller is lparcfg_data+0x408/0x19a0 CPU: 4 PID: 10693 Comm: grep Not tainted 6.5.0-rc3 #2 Call Trace: dump_stack_lvl+0x154/0x200 (unreliable) check_preemption_disabled+0x214/0x220 lparcfg_data+0x408/0x19a0 ... This isn't actually a problem however, as it does not matter which lppaca is accessed, the shared proc state will be the same. vcpudispatch_stats_procfs_init() already works around this by disabling preemption, but the lparcfg code does not, erroring any time /proc/powerpc/lparcfg is accessed with DEBUG_PREEMPT enabled. Instead of disabling preemption on the caller side, rework lppaca_shared_proc() to not take a pointer and instead directly access the lppaca, bypassing any potential preemption checks. [mpe: Rework to avoid needing a definition in paca.h and lppaca.h]
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-30
Last Modified
2025-12-30
Generated
2026-05-07
AI Q&A
2025-12-30
EPSS Evaluated
2026-05-05
NVD
CVE-2023-54267
EUVD
EUVD-2023-60374
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel 6.5.0-rc3
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves the Linux kernel's powerpc/pseries code, specifically the lppaca_shared_proc() function. When DEBUG_PREEMPT is enabled, accessing the lppaca pointer through get_lppaca() causes preemption checks that can lead to errors or bugs, such as using smp_processor_id() in preemptible code. The issue arises because the lparcfg code does not disable preemption when accessing /proc/powerpc/lparcfg, causing errors. The fix reworks lppaca_shared_proc() to directly access the lppaca without taking a pointer, thus avoiding preemption checks and related errors.


How can this vulnerability impact me? :

This vulnerability can cause errors or bugs in the Linux kernel when DEBUG_PREEMPT is enabled and /proc/powerpc/lparcfg is accessed. Specifically, it can lead to kernel warnings or crashes due to improper preemption handling, potentially affecting system stability or reliability on affected PowerPC systems.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability is resolved by reworking the lppaca_shared_proc() function in the Linux kernel to avoid DEBUG_PREEMPT issues. Immediate mitigation involves updating the Linux kernel to a version that includes this fix, as the problem occurs when accessing /proc/powerpc/lparcfg with DEBUG_PREEMPT enabled. Disabling DEBUG_PREEMPT or applying the kernel patch that reworks lppaca_shared_proc() are the recommended steps.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart