{
  "threat_severity" : "Moderate",
  "public_date" : "2025-10-22T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: mm/vmemmap/devdax: fix kernel crash when probing devdax devices",
    "id" : "2405714",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2405714"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-843",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nmm/vmemmap/devdax: fix kernel crash when probing devdax devices\ncommit 4917f55b4ef9 (\"mm/sparse-vmemmap: improve memory savings for\ncompound devmaps\") added support for using optimized vmmemap for devdax\ndevices.  But how vmemmap mappings are created are architecture specific. \nFor example, powerpc with hash translation doesn't have vmemmap mappings\nin init_mm page table instead they are bolted table entries in the\nhardware page table\nvmemmap_populate_compound_pages() used by vmemmap optimization code is not\naware of these architecture-specific mapping.  Hence allow architecture to\nopt for this feature.  I selected architectures supporting\nHUGETLB_PAGE_OPTIMIZE_VMEMMAP option as also supporting this feature.\nThis patch fixes the below crash on ppc64.\nBUG: Unable to handle kernel data access on write at 0xc00c000100400038\nFaulting instruction address: 0xc000000001269d90\nOops: Kernel access of bad area, sig: 11 [#1]\nLE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries\nModules linked in:\nCPU: 7 PID: 1 Comm: swapper/0 Not tainted 6.3.0-rc5-150500.34-default+ #2 5c90a668b6bbd142599890245c2fb5de19d7d28a\nHardware name: IBM,9009-42G POWER9 (raw) 0x4e0202 0xf000005 of:IBM,FW950.40 (VL950_099) hv:phyp pSeries\nNIP:  c000000001269d90 LR: c0000000004c57d4 CTR: 0000000000000000\nREGS: c000000003632c30 TRAP: 0300   Not tainted  (6.3.0-rc5-150500.34-default+)\nMSR:  8000000000009033 <SF,EE,ME,IR,DR,RI,LE>  CR: 24842228  XER: 00000000\nCFAR: c0000000004c57d0 DAR: c00c000100400038 DSISR: 42000000 IRQMASK: 0\n....\nNIP [c000000001269d90] __init_single_page.isra.74+0x14/0x4c\nLR [c0000000004c57d4] __init_zone_device_page+0x44/0xd0\nCall Trace:\n[c000000003632ed0] [c000000003632f60] 0xc000000003632f60 (unreliable)\n[c000000003632f10] [c0000000004c5ca0] memmap_init_zone_device+0x170/0x250\n[c000000003632fe0] [c0000000005575f8] memremap_pages+0x2c8/0x7f0\n[c0000000036330c0] [c000000000557b5c] devm_memremap_pages+0x3c/0xa0\n[c000000003633100] [c000000000d458a8] dev_dax_probe+0x108/0x3e0\n[c0000000036331a0] [c000000000d41430] dax_bus_probe+0xb0/0x140\n[c0000000036331d0] [c000000000cef27c] really_probe+0x19c/0x520\n[c000000003633260] [c000000000cef6b4] __driver_probe_device+0xb4/0x230\n[c0000000036332e0] [c000000000cef888] driver_probe_device+0x58/0x120\n[c000000003633320] [c000000000cefa6c] __device_attach_driver+0x11c/0x1e0\n[c0000000036333a0] [c000000000cebc58] bus_for_each_drv+0xa8/0x130\n[c000000003633400] [c000000000ceefcc] __device_attach+0x15c/0x250\n[c0000000036334a0] [c000000000ced458] bus_probe_device+0x108/0x110\n[c0000000036334f0] [c000000000ce92dc] device_add+0x7fc/0xa10\n[c0000000036335b0] [c000000000d447c8] devm_create_dev_dax+0x1d8/0x530\n[c000000003633640] [c000000000d46b60] __dax_pmem_probe+0x200/0x270\n[c0000000036337b0] [c000000000d46bf0] dax_pmem_probe+0x20/0x70\n[c0000000036337d0] [c000000000d2279c] nvdimm_bus_probe+0xac/0x2b0\n[c000000003633860] [c000000000cef27c] really_probe+0x19c/0x520\n[c0000000036338f0] [c000000000cef6b4] __driver_probe_device+0xb4/0x230\n[c000000003633970] [c000000000cef888] driver_probe_device+0x58/0x120\n[c0000000036339b0] [c000000000cefd08] __driver_attach+0x1d8/0x240\n[c000000003633a30] [c000000000cebb04] bus_for_each_dev+0xb4/0x130\n[c000000003633a90] [c000000000cee564] driver_attach+0x34/0x50\n[c000000003633ab0] [c000000000ced878] bus_add_driver+0x218/0x300\n[c000000003633b40] [c000000000cf1144] driver_register+0xa4/0x1b0\n[c000000003633bb0] [c000000000d21a0c] __nd_driver_register+0x5c/0x100\n[c000000003633c10] [c00000000206a2e8] dax_pmem_init+0x34/0x48\n[c000000003633c30] [c0000000000132d0] do_one_initcall+0x60/0x320\n[c000000003633d00] [c0000000020051b0] kernel_init_freeable+0x360/0x400\n[c000000003633de0] [c000000000013764] kernel_init+0x34/0x1d0\n[c000000003633e50] [c00000000000de14] ret_from_kernel_thread+0x5c/0x64", "A flaw was discovered in the device DAX (devdax) probing implementation of the Linux kernel memory management subsystem (mm/vmemmap/devdax). Under specific architecture configurations (for example POWER9 with hash MMU), the code path in vmemmap_populate_compound_pages() did not properly account for architecture‐specific vmemmap mappings, which could lead to a kernel data access of a bad area (kernel crash) when probing a devdax device." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53706\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53706\nhttps://lore.kernel.org/linux-cve-announce/2025102212-CVE-2023-53706-18d9@gregkh/T" ],
  "name" : "CVE-2023-53706",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}