{
  "threat_severity" : "Moderate",
  "public_date" : "2025-12-30T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: s390/vmem: split pages when debug pagealloc is enabled",
    "id" : "2426072",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2426072"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-416",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ns390/vmem: split pages when debug pagealloc is enabled\nSince commit bb1520d581a3 (\"s390/mm: start kernel with DAT enabled\")\nthe kernel crashes early during boot when debug pagealloc is enabled:\nmem auto-init: stack:off, heap alloc:off, heap free:off\naddressing exception: 0005 ilc:2 [#1] SMP DEBUG_PAGEALLOC\nModules linked in:\nCPU: 0 PID: 0 Comm: swapper Not tainted 6.5.0-rc3-09759-gc5666c912155 #630\n[..]\nKrnl Code: 00000000001325f6: ec5600248064 cgrj %r5,%r6,8,000000000013263e\n00000000001325fc: eb880002000c srlg %r8,%r8,2\n#0000000000132602: b2210051     ipte %r5,%r1,%r0,0\n>0000000000132606: b90400d1     lgr %r13,%r1\n000000000013260a: 41605008     la %r6,8(%r5)\n000000000013260e: a7db1000     aghi %r13,4096\n0000000000132612: b221006d     ipte %r6,%r13,%r0,0\n0000000000132616: e3d0d0000171 lay %r13,4096(%r13)\nCall Trace:\n__kernel_map_pages+0x14e/0x320\n__free_pages_ok+0x23a/0x5a8)\nfree_low_memory_core_early+0x214/0x2c8\nmemblock_free_all+0x28/0x58\nmem_init+0xb6/0x228\nmm_core_init+0xb6/0x3b0\nstart_kernel+0x1d2/0x5a8\nstartup_continue+0x36/0x40\nKernel panic - not syncing: Fatal exception: panic_on_oops\nThis is caused by using large mappings on machines with EDAT1/EDAT2. Add\nthe code to split the mappings into 4k pages if debug pagealloc is enabled\nby CONFIG_DEBUG_PAGEALLOC_ENABLE_DEFAULT or the debug_pagealloc kernel\ncommand line option.", "In the Linux kernel’s s390/vmem subsystem, a flaw exists in the handling of virtual memory area initialization when debug pagealloc is enabled. Under certain conditions, the kernel may access memory after it has been freed or mishandled during early boot or subsystem initialization, resulting in a use-after-free condition that can cause an early kernel crash or undefined behavior on affected s390 systems." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-05-13T00:00:00Z",
    "advisory" : "RHSA-2025:6966",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-570.12.1.el9_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-05-13T00:00:00Z",
    "advisory" : "RHSA-2025:6966",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-570.12.1.el9_6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-54278\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-54278\nhttps://lore.kernel.org/linux-cve-announce/2025123003-CVE-2023-54278-d4b2@gregkh/T" ],
  "name" : "CVE-2023-54278",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}