CVE-2023-54008 (GCVE-0-2023-54008)

Vulnerability from cvelistv5 – Published: 2025-12-24 10:55 – Updated: 2025-12-24 10:55
VLAI?
Title
virtio_vdpa: build affinity masks conditionally
Summary
In the Linux kernel, the following vulnerability has been resolved: virtio_vdpa: build affinity masks conditionally We try to build affinity mask via create_affinity_masks() unconditionally which may lead several issues: - the affinity mask is not used for parent without affinity support (only VDUSE support the affinity now) - the logic of create_affinity_masks() might not work for devices other than block. For example it's not rare in the networking device where the number of queues could exceed the number of CPUs. Such case breaks the current affinity logic which is based on group_cpus_evenly() who assumes the number of CPUs are not less than the number of groups. This can trigger a warning[1]: if (ret >= 0) WARN_ON(nr_present + nr_others < numgrps); Fixing this by only build the affinity masks only when - Driver passes affinity descriptor, driver like virtio-blk can make sure to limit the number of queues when it exceeds the number of CPUs - Parent support affinity setting config ops This help to avoid the warning. More optimizations could be done on top. [1] [ 682.146655] WARNING: CPU: 6 PID: 1550 at lib/group_cpus.c:400 group_cpus_evenly+0x1aa/0x1c0 [ 682.146668] CPU: 6 PID: 1550 Comm: vdpa Not tainted 6.5.0-rc5jason+ #79 [ 682.146671] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-0-gea1b7a073390-prebuilt.qemu.org 04/01/2014 [ 682.146673] RIP: 0010:group_cpus_evenly+0x1aa/0x1c0 [ 682.146676] Code: 4c 89 e0 5b 5d 41 5c 41 5d 41 5e c3 cc cc cc cc e8 1b c4 74 ff 48 89 ef e8 13 ac 98 ff 4c 89 e7 45 31 e4 e8 08 ac 98 ff eb c2 <0f> 0b eb b6 e8 fd 05 c3 00 45 31 e4 eb e5 cc cc cc cc cc cc cc cc [ 682.146679] RSP: 0018:ffffc9000215f498 EFLAGS: 00010293 [ 682.146682] RAX: 000000000001f1e0 RBX: 0000000000000041 RCX: 0000000000000000 [ 682.146684] RDX: ffff888109922058 RSI: 0000000000000041 RDI: 0000000000000030 [ 682.146686] RBP: ffff888109922058 R08: ffffc9000215f498 R09: ffffc9000215f4a0 [ 682.146687] R10: 00000000000198d0 R11: 0000000000000030 R12: ffff888107e02800 [ 682.146689] R13: 0000000000000030 R14: 0000000000000030 R15: 0000000000000041 [ 682.146692] FS: 00007fef52315740(0000) GS:ffff888237380000(0000) knlGS:0000000000000000 [ 682.146695] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 682.146696] CR2: 00007fef52509000 CR3: 0000000110dbc004 CR4: 0000000000370ee0 [ 682.146698] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 682.146700] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 682.146701] Call Trace: [ 682.146703] <TASK> [ 682.146705] ? __warn+0x7b/0x130 [ 682.146709] ? group_cpus_evenly+0x1aa/0x1c0 [ 682.146712] ? report_bug+0x1c8/0x1e0 [ 682.146717] ? handle_bug+0x3c/0x70 [ 682.146721] ? exc_invalid_op+0x14/0x70 [ 682.146723] ? asm_exc_invalid_op+0x16/0x20 [ 682.146727] ? group_cpus_evenly+0x1aa/0x1c0 [ 682.146729] ? group_cpus_evenly+0x15c/0x1c0 [ 682.146731] create_affinity_masks+0xaf/0x1a0 [ 682.146735] virtio_vdpa_find_vqs+0x83/0x1d0 [ 682.146738] ? __pfx_default_calc_sets+0x10/0x10 [ 682.146742] virtnet_find_vqs+0x1f0/0x370 [ 682.146747] virtnet_probe+0x501/0xcd0 [ 682.146749] ? vp_modern_get_status+0x12/0x20 [ 682.146751] ? get_cap_addr.isra.0+0x10/0xc0 [ 682.146754] virtio_dev_probe+0x1af/0x260 [ 682.146759] really_probe+0x1a5/0x410
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 3dad56823b5332ffdbe1867b2d7b50fbacea124a , < 5f2592243ccd5bb5341f59be409ccfdd586841f3 (git)
Affected: 3dad56823b5332ffdbe1867b2d7b50fbacea124a , < 628b53fc66ca1910a3cb53c3c7e44e59750c3668 (git)
Affected: 3dad56823b5332ffdbe1867b2d7b50fbacea124a , < ae15aceaa98ad9499763923f7890e345d9f46b60 (git)
Create a notification for this product.
    Linux Linux Affected: 6.4
Unaffected: 0 , < 6.4 (semver)
Unaffected: 6.4.16 , ≤ 6.4.* (semver)
Unaffected: 6.5.3 , ≤ 6.5.* (semver)
Unaffected: 6.6 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/virtio/virtio_vdpa.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5f2592243ccd5bb5341f59be409ccfdd586841f3",
              "status": "affected",
              "version": "3dad56823b5332ffdbe1867b2d7b50fbacea124a",
              "versionType": "git"
            },
            {
              "lessThan": "628b53fc66ca1910a3cb53c3c7e44e59750c3668",
              "status": "affected",
              "version": "3dad56823b5332ffdbe1867b2d7b50fbacea124a",
              "versionType": "git"
            },
            {
              "lessThan": "ae15aceaa98ad9499763923f7890e345d9f46b60",
              "status": "affected",
              "version": "3dad56823b5332ffdbe1867b2d7b50fbacea124a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/virtio/virtio_vdpa.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.4"
            },
            {
              "lessThan": "6.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.6",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.16",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5.3",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_vdpa: build affinity masks conditionally\n\nWe try to build affinity mask via create_affinity_masks()\nunconditionally which may lead several issues:\n\n- the affinity mask is not used for parent without affinity support\n  (only VDUSE support the affinity now)\n- the logic of create_affinity_masks() might not work for devices\n  other than block. For example it\u0027s not rare in the networking device\n  where the number of queues could exceed the number of CPUs. Such\n  case breaks the current affinity logic which is based on\n  group_cpus_evenly() who assumes the number of CPUs are not less than\n  the number of groups. This can trigger a warning[1]:\n\n\tif (ret \u003e= 0)\n\t\tWARN_ON(nr_present + nr_others \u003c numgrps);\n\nFixing this by only build the affinity masks only when\n\n- Driver passes affinity descriptor, driver like virtio-blk can make\n  sure to limit the number of queues when it exceeds the number of CPUs\n- Parent support affinity setting config ops\n\nThis help to avoid the warning. More optimizations could be done on\ntop.\n\n[1]\n[  682.146655] WARNING: CPU: 6 PID: 1550 at lib/group_cpus.c:400 group_cpus_evenly+0x1aa/0x1c0\n[  682.146668] CPU: 6 PID: 1550 Comm: vdpa Not tainted 6.5.0-rc5jason+ #79\n[  682.146671] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-0-gea1b7a073390-prebuilt.qemu.org 04/01/2014\n[  682.146673] RIP: 0010:group_cpus_evenly+0x1aa/0x1c0\n[  682.146676] Code: 4c 89 e0 5b 5d 41 5c 41 5d 41 5e c3 cc cc cc cc e8 1b c4 74 ff 48 89 ef e8 13 ac 98 ff 4c 89 e7 45 31 e4 e8 08 ac 98 ff eb c2 \u003c0f\u003e 0b eb b6 e8 fd 05 c3 00 45 31 e4 eb e5 cc cc cc cc cc cc cc cc\n[  682.146679] RSP: 0018:ffffc9000215f498 EFLAGS: 00010293\n[  682.146682] RAX: 000000000001f1e0 RBX: 0000000000000041 RCX: 0000000000000000\n[  682.146684] RDX: ffff888109922058 RSI: 0000000000000041 RDI: 0000000000000030\n[  682.146686] RBP: ffff888109922058 R08: ffffc9000215f498 R09: ffffc9000215f4a0\n[  682.146687] R10: 00000000000198d0 R11: 0000000000000030 R12: ffff888107e02800\n[  682.146689] R13: 0000000000000030 R14: 0000000000000030 R15: 0000000000000041\n[  682.146692] FS:  00007fef52315740(0000) GS:ffff888237380000(0000) knlGS:0000000000000000\n[  682.146695] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  682.146696] CR2: 00007fef52509000 CR3: 0000000110dbc004 CR4: 0000000000370ee0\n[  682.146698] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[  682.146700] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[  682.146701] Call Trace:\n[  682.146703]  \u003cTASK\u003e\n[  682.146705]  ? __warn+0x7b/0x130\n[  682.146709]  ? group_cpus_evenly+0x1aa/0x1c0\n[  682.146712]  ? report_bug+0x1c8/0x1e0\n[  682.146717]  ? handle_bug+0x3c/0x70\n[  682.146721]  ? exc_invalid_op+0x14/0x70\n[  682.146723]  ? asm_exc_invalid_op+0x16/0x20\n[  682.146727]  ? group_cpus_evenly+0x1aa/0x1c0\n[  682.146729]  ? group_cpus_evenly+0x15c/0x1c0\n[  682.146731]  create_affinity_masks+0xaf/0x1a0\n[  682.146735]  virtio_vdpa_find_vqs+0x83/0x1d0\n[  682.146738]  ? __pfx_default_calc_sets+0x10/0x10\n[  682.146742]  virtnet_find_vqs+0x1f0/0x370\n[  682.146747]  virtnet_probe+0x501/0xcd0\n[  682.146749]  ? vp_modern_get_status+0x12/0x20\n[  682.146751]  ? get_cap_addr.isra.0+0x10/0xc0\n[  682.146754]  virtio_dev_probe+0x1af/0x260\n[  682.146759]  really_probe+0x1a5/0x410"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-24T10:55:41.982Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5f2592243ccd5bb5341f59be409ccfdd586841f3"
        },
        {
          "url": "https://git.kernel.org/stable/c/628b53fc66ca1910a3cb53c3c7e44e59750c3668"
        },
        {
          "url": "https://git.kernel.org/stable/c/ae15aceaa98ad9499763923f7890e345d9f46b60"
        }
      ],
      "title": "virtio_vdpa: build affinity masks conditionally",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-54008",
    "datePublished": "2025-12-24T10:55:41.982Z",
    "dateReserved": "2025-12-24T10:53:46.177Z",
    "dateUpdated": "2025-12-24T10:55:41.982Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.