CVE-2023-54043
CVE-2023-54043 is a security vulnerability that is still awaiting full analysis and scoring. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- EPSS exploit prediction: 0% (9th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2023-60283
- Published:
- Last modified:
Description
In the Linux kernel, the following vulnerability has been resolved: iommufd: Do not add the same hwpt to the ioas->hwpt_list twice The hwpt is added to the hwpt_list only during its creation, it is never added again. This hunk is some missed leftover from rework. Adding it twice will corrupt the linked list in some cases. It effects HWPT specific attachment, which is something the test suite cannot cover until we can create a legitimate struct device with a non-system iommu "driver" (ie we need the bus removed from the iommu code)
Frequently asked questions
- What is CVE-2023-54043?
- In the Linux kernel, the following vulnerability has been resolved: iommufd: Do not add the same hwpt to the ioas->hwpt_list twice The hwpt is added to the hwpt_list only during its creation, it is never added again. This hunk is some missed leftover from rework. Adding it twice will corrupt the linked list in some cases. It effects HWPT specific attachment, which is something the test suite cannot cover until we can create a legitimate struct device with a non-system iommu "driver" (ie we need the bus removed from the iommu code)
- Is CVE-2023-54043 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (9th percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2023-54043?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2023-54043 have an EU (EUVD) identifier?
- Yes. CVE-2023-54043 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2023-60283.
- When was CVE-2023-54043 published?
- CVE-2023-54043 was published on 2025-12-24 and last updated on 2026-06-17.