CVE-2023-54225 Affecting kernel-source package, versions <6.4.0-150600.23.84.1
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-SLES156-KERNELSOURCE-15108347
- published27 Jan 2026
- disclosed26 Jan 2026
Introduced: 26 Jan 2026
CVE-2023-54225 (opens in a new tab)How to fix?
Upgrade SLES:15.6 kernel-source to version 6.4.0-150600.23.84.1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-source package and not the kernel-source package as distributed by SLES.
See How to fix? for SLES:15.6 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
net: ipa: only reset hashed tables when supported
Last year, the code that manages GSI channel transactions switched from using spinlock-protected linked lists to using indexes into the ring buffer used for a channel. Recently, Google reported seeing transaction reference count underflows occasionally during shutdown.
Doug Anderson found a way to reproduce the issue reliably, and bisected the issue to the commit that eliminated the linked lists and the lock. The root cause was ultimately determined to be related to unused transactions being committed as part of the modem shutdown cleanup activity. Unused transactions are not normally expected (except in error cases).
The modem uses some ranges of IPA-resident memory, and whenever it shuts down we zero those ranges. In ipa_filter_reset_table() a transaction is allocated to zero modem filter table entries. If hashing is not supported, hashed table memory should not be zeroed. But currently nothing prevents that, and the result is an unused transaction. Something similar occurs when we zero routing table entries for the modem.
By preventing any attempt to clear hashed tables when hashing is not supported, the reference count underflow is avoided in this case.
Note that there likely remains an issue with properly freeing unused transactions (if they occur due to errors). This patch addresses only the underflows that Google originally reported.
References
- https://www.suse.com/security/cve/CVE-2023-54225.html
- https://bugzilla.suse.com/1256234
- https://git.kernel.org/stable/c/50c24f0c940728792c8bdf65c1eaf6b91b3b0dcd
- https://git.kernel.org/stable/c/c00af3a818cc573e10100cc6770f0e47befa1fa4
- https://git.kernel.org/stable/c/e11ec2b868af2b351c6c1e2e50eb711cc5423a10