{
  "threat_severity" : "Low",
  "public_date" : "2025-12-24T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: virtio_vdpa: build affinity masks conditionally",
    "id" : "2424928",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2424928"
  },
  "cvss3" : {
    "cvss3_base_score" : "3.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-839",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nvirtio_vdpa: build affinity masks conditionally\nWe try to build affinity mask via create_affinity_masks()\nunconditionally, which may lead to several issues:\n- the affinity mask is not used for a parent without affinity support\n(only VDUSE supports affinity now)\n- the logic of create_affinity_masks() might not work for devices\nother than block. For example, it's not rare in networking devices\nthat the number of queues exceeds the number of CPUs. Such a\ncase breaks the current affinity logic, which is based on\ngroup_cpus_evenly(), which assumes the number of CPUs is not less than\nthe number of groups. This can trigger a warning[1]:\nif (ret >= 0)\nWARN_ON(nr_present + nr_others < numgrps);\nFix this by building the affinity masks only when\n- The driver passes an affinity descriptor; a driver like virtio-blk can make\nsure to limit the number of queues when it exceeds the number of CPUs\n- The parent supports the affinity setting config ops\nThis helps to avoid the warning. 
More optimizations could be done on\ntop.\n[1]\n[  682.146655] WARNING: CPU: 6 PID: 1550 at lib/group_cpus.c:400 group_cpus_evenly+0x1aa/0x1c0\n[  682.146668] CPU: 6 PID: 1550 Comm: vdpa Not tainted 6.5.0-rc5jason+ #79\n[  682.146671] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-0-gea1b7a073390-prebuilt.qemu.org 04/01/2014\n[  682.146673] RIP: 0010:group_cpus_evenly+0x1aa/0x1c0\n[  682.146676] Code: 4c 89 e0 5b 5d 41 5c 41 5d 41 5e c3 cc cc cc cc e8 1b c4 74 ff 48 89 ef e8 13 ac 98 ff 4c 89 e7 45 31 e4 e8 08 ac 98 ff eb c2 <0f> 0b eb b6 e8 fd 05 c3 00 45 31 e4 eb e5 cc cc cc cc cc cc cc cc\n[  682.146679] RSP: 0018:ffffc9000215f498 EFLAGS: 00010293\n[  682.146682] RAX: 000000000001f1e0 RBX: 0000000000000041 RCX: 0000000000000000\n[  682.146684] RDX: ffff888109922058 RSI: 0000000000000041 RDI: 0000000000000030\n[  682.146686] RBP: ffff888109922058 R08: ffffc9000215f498 R09: ffffc9000215f4a0\n[  682.146687] R10: 00000000000198d0 R11: 0000000000000030 R12: ffff888107e02800\n[  682.146689] R13: 0000000000000030 R14: 0000000000000030 R15: 0000000000000041\n[  682.146692] FS:  00007fef52315740(0000) GS:ffff888237380000(0000) knlGS:0000000000000000\n[  682.146695] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  682.146696] CR2: 00007fef52509000 CR3: 0000000110dbc004 CR4: 0000000000370ee0\n[  682.146698] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[  682.146700] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[  682.146701] Call Trace:\n[  682.146703]  <TASK>\n[  682.146705]  ? __warn+0x7b/0x130\n[  682.146709]  ? group_cpus_evenly+0x1aa/0x1c0\n[  682.146712]  ? report_bug+0x1c8/0x1e0\n[  682.146717]  ? handle_bug+0x3c/0x70\n[  682.146721]  ? exc_invalid_op+0x14/0x70\n[  682.146723]  ? asm_exc_invalid_op+0x16/0x20\n[  682.146727]  ? group_cpus_evenly+0x1aa/0x1c0\n[  682.146729]  ? 
group_cpus_evenly+0x15c/0x1c0\n[  682.146731]  create_affinity_masks+0xaf/0x1a0\n[  682.146735]  virtio_vdpa_find_vqs+0x83/0x1d0\n[  682.146738]  ? __pfx_default_calc_sets+0x10/0x10\n[  682.146742]  virtnet_find_vqs+0x1f0/0x370\n[  682.146747]  virtnet_probe+0x501/0xcd0\n[  682.146749]  ? vp_modern_get_status+0x12/0x20\n[  682.146751]  ? get_cap_addr.isra.0+0x10/0xc0\n[  682.146754]  virtio_dev_probe+0x1af/0x260\n[  682.146759]  really_probe+0x1a5/0x410", "A flaw was found in the Linux kernel's virtio vDPA driver. When the number of device queues exceeds the number of CPUs, the create_affinity_masks() function triggers a kernel warning in group_cpus_evenly(). This occurs because the affinity logic assumes CPUs are not fewer than queue groups, which doesn't hold for high-queue-count network devices." ],
  "statement" : "This issue triggers a kernel warning (WARN_ON), not a crash. It affects virtio vDPA devices, particularly network devices with many queues on systems with fewer CPUs. The warning is a debug assertion and does not compromise system stability or security in production kernels with panic_on_warn disabled.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-54008\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-54008\nhttps://lore.kernel.org/linux-cve-announce/2025122429-CVE-2023-54008-cfde@gregkh/T" ],
  "name" : "CVE-2023-54008",
  "csaw" : false
}