CVE-2023-54117 Affecting kernel-source package, versions <6.4.0-150600.23.84.1
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-SLES156-KERNELSOURCE-15106352
- published27 Jan 2026
- disclosed26 Jan 2026
Introduced: 26 Jan 2026
CVE-2023-54117 (opens in a new tab)How to fix?
Upgrade SLES:15.6 kernel-source to version 6.4.0-150600.23.84.1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-source package and not the kernel-source package as distributed by SLES.
See How to fix? for SLES:15.6 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
s390/dcssblk: fix kernel crash with list_add corruption
Commit fb08a1908cb1 ("dax: simplify the dax_device <-> gendisk association") introduced new logic for gendisk association, requiring drivers to explicitly call dax_add_host() and dax_remove_host().
For dcssblk driver, some dax_remove_host() calls were missing, e.g. in device remove path. The commit also broke error handling for out_dax case in device add path, resulting in an extra put_device() w/o the previous get_device() in that case.
This lead to stale xarray entries after device add / remove cycles. In the case when a previously used struct gendisk pointer (xarray index) would be used again, because blk_alloc_disk() happened to return such a pointer, the xa_insert() in dax_add_host() would fail and go to out_dax, doing the extra put_device() in the error path. In combination with an already flawed error handling in dcssblk (device_register() cleanup), which needs to be addressed in a separate patch, this resulted in a missing device_del() / klist_del(), and eventually in the kernel crash with list_add corruption on a subsequent device_add() / klist_add().
Fix this by adding the missing dax_remove_host() calls, and also move the put_device() in the error path to restore the previous logic.
References
- https://www.suse.com/security/cve/CVE-2023-54117.html
- https://bugzilla.suse.com/1256348
- https://git.kernel.org/stable/c/6489ec0107860345bc57dcde39e63dfb05ac5c11
- https://git.kernel.org/stable/c/b5c531a9a7d8e047c90c909f09cef06a9f8e62f4
- https://git.kernel.org/stable/c/b7ad75c77349beb4983b9f27108d9b3f33ae1413
- https://git.kernel.org/stable/c/c8f40a0bccefd613748d080147469a4652d6e74c