{
  "threat_severity" : "Low",
  "public_date" : "2025-12-30T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: vfio: Fix NULL pointer dereference caused by uninitialized group->iommufd",
    "id" : "2426192",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2426192"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-824",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nvfio: Fix NULL pointer dereference caused by uninitialized group->iommufd\ngroup->iommufd is not initialized for the iommufd_ctx_put()\n[20018.331541] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[20018.377508] RIP: 0010:iommufd_ctx_put+0x5/0x10 [iommufd]\n...\n[20018.476483] Call Trace:\n[20018.479214]  <TASK>\n[20018.481555]  vfio_group_fops_unl_ioctl+0x506/0x690 [vfio]\n[20018.487586]  __x64_sys_ioctl+0x6a/0xb0\n[20018.491773]  ? trace_hardirqs_on+0xc5/0xe0\n[20018.496347]  do_syscall_64+0x67/0x90\n[20018.500340]  entry_SYSCALL_64_after_hwframe+0x4b/0xb5", "A NULL pointer dereference was found in the VFIO subsystem. When a VFIO group operation fails before group->iommufd is initialized, the cleanup path calls iommufd_ctx_put() with a NULL pointer, causing a kernel crash." ],
  "statement" : "This affects systems using VFIO with IOMMUFD. The crash occurs on error paths during VFIO group setup, requiring specific failure conditions to trigger. Virtualization hosts using VFIO for device passthrough are the primary affected systems.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-54174\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-54174\nhttps://lore.kernel.org/linux-cve-announce/2025123022-CVE-2023-54174-1ff6@gregkh/T" ],
  "name" : "CVE-2023-54174",
  "csaw" : false
}