{"id":"CVE-2023-54095","summary":"powerpc/iommu: Fix notifiers being shared by PCI and VIO buses","details":"In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/iommu: Fix notifiers being shared by PCI and VIO buses\n\nfail_iommu_setup() registers the fail_iommu_bus_notifier struct to both\nPCI and VIO buses.  struct notifier_block is a linked list node, so this\ncauses any notifiers later registered to either bus type to also be\nregistered to the other since they share the same node.\n\nThis causes issues in (at least) the vgaarb code, which registers a\nnotifier for PCI buses.  pci_notify() ends up being called on a vio\ndevice, converted with to_pci_dev() even though it's not a PCI device,\nand finally makes a bad access in vga_arbiter_add_pci_device() as\ndiscovered with KASAN:\n\n BUG: KASAN: slab-out-of-bounds in vga_arbiter_add_pci_device+0x60/0xe00\n Read of size 4 at addr c000000264c26fdc by task swapper/0/1\n\n Call Trace:\n   dump_stack_lvl+0x1bc/0x2b8 (unreliable)\n   print_report+0x3f4/0xc60\n   kasan_report+0x244/0x698\n   __asan_load4+0xe8/0x250\n   vga_arbiter_add_pci_device+0x60/0xe00\n   pci_notify+0x88/0x444\n   notifier_call_chain+0x104/0x320\n   blocking_notifier_call_chain+0xa0/0x140\n   device_add+0xac8/0x1d30\n   device_register+0x58/0x80\n   vio_register_device_node+0x9ac/0xce0\n   vio_bus_scan_register_devices+0xc4/0x13c\n   __machine_initcall_pseries_vio_device_init+0x94/0xf0\n   do_one_initcall+0x12c/0xaa8\n   kernel_init_freeable+0xa48/0xba8\n   kernel_init+0x64/0x400\n   ret_from_kernel_thread+0x5c/0x64\n\nFix this by creating separate notifier_block structs for each bus type.\n\n[mpe: Add #ifdef to fix CONFIG_IBMVIO=n build]","modified":"2026-03-31T17:29:40.271091828Z","published":"2025-12-24T13:06:23.157Z","related":["SUSE-SU-2026:0263-1","SUSE-SU-2026:0278-1","SUSE-SU-2026:0281-1","SUSE-SU-2026:0293-1","SUSE-SU-2026:0315-1","SUSE-SU-2026:0316-1","SUSE-SU-2026:0317-1","SUSE-SU-2026:0411-1","SUSE-SU-2026:0617-1","SUSE-SU-2026:20477-1","SUSE-SU-2026:20498-1","SUSE-SU-2026:20845-1","SUSE-SU-2026:20876-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54095.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/075a4dcdbc9a5ea793cb8ec8b78a6c0b7636fd52"},{"type":"WEB","url":"https://git.kernel.org/stable/c/65bf8a196ba25cf65a858b5bb8de80f0aad76691"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6670c65bf863cd0d44ca24d4c10ef6755b8d9529"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a9ddbfed53465bc7c411231db32a488066c0c1be"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c37b6908f7b2bd24dcaaf14a180e28c9132b9c58"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c46af58588253e5e4063bb5ddc78cd12fdf9e55d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/dc0d107e624ca96aef6dd8722eb33ba3a6d157b0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f08944e3c6962b00827de7263a9e20688e79ad84"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f17d5efaafba3d5f02f0373f7c5f44711d676f3e"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54095.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-54095"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"d6b9a81b2a45786384f5bd3516bd6ddfb4b772c6"},{"fixed":"dc0d107e624ca96aef6dd8722eb33ba3a6d157b0"},{"fixed":"075a4dcdbc9a5ea793cb8ec8b78a6c0b7636fd52"},{"fixed":"65bf8a196ba25cf65a858b5bb8de80f0aad76691"},{"fixed":"f08944e3c6962b00827de7263a9e20688e79ad84"},{"fixed":"a9ddbfed53465bc7c411231db32a488066c0c1be"},{"fixed":"f17d5efaafba3d5f02f0373f7c5f44711d676f3e"},{"fixed":"c46af58588253e5e4063bb5ddc78cd12fdf9e55d"},{"fixed":"6670c65bf863cd0d44ca24d4c10ef6755b8d9529"},{"fixed":"c37b6908f7b2bd24dcaaf14a180e28c9132b9c58"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-54095.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"3.6.0"},{"fixed":"4.14.326"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.15.0"},{"fixed":"4.19.295"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.20.0"},{"fixed":"5.4.257"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.195"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.132"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.53"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.4.16"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.5.0"},{"fixed":"6.5.3"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-54095.json"}}],"schema_version":"1.7.5"}