{"id":"CVE-2023-54117","summary":"s390/dcssblk: fix kernel crash with list_add corruption","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dcssblk: fix kernel crash with list_add corruption\n\nCommit fb08a1908cb1 (\"dax: simplify the dax_device \u003c-\u003e gendisk\nassociation\") introduced new logic for gendisk association, requiring\ndrivers to explicitly call dax_add_host() and dax_remove_host().\n\nFor dcssblk driver, some dax_remove_host() calls were missing, e.g. in\ndevice remove path. The commit also broke error handling for out_dax case\nin device add path, resulting in an extra put_device() w/o the previous\nget_device() in that case.\n\nThis lead to stale xarray entries after device add / remove cycles. In the\ncase when a previously used struct gendisk pointer (xarray index) would be\nused again, because blk_alloc_disk() happened to return such a pointer, the\nxa_insert() in dax_add_host() would fail and go to out_dax, doing the extra\nput_device() in the error path. In combination with an already flawed error\nhandling in dcssblk (device_register() cleanup), which needs to be\naddressed in a separate patch, this resulted in a missing device_del() /\nklist_del(), and eventually in the kernel crash with list_add corruption on\na subsequent device_add() / klist_add().\n\nFix this by adding the missing dax_remove_host() calls, and also move the\nput_device() in the error path to restore the previous logic.","modified":"2026-04-02T09:45:36.762521Z","published":"2025-12-24T13:06:38.311Z","related":["SUSE-SU-2026:0278-1","SUSE-SU-2026:0281-1","SUSE-SU-2026:0293-1","SUSE-SU-2026:0315-1","SUSE-SU-2026:20477-1","SUSE-SU-2026:20498-1","SUSE-SU-2026:20845-1","SUSE-SU-2026:20876-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54117.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/6489ec0107860345bc57dcde39e63dfb05ac5c11"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b5c531a9a7d8e047c90c909f09cef06a9f8e62f4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b7ad75c77349beb4983b9f27108d9b3f33ae1413"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c8f40a0bccefd613748d080147469a4652d6e74c"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54117.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-54117"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"fb08a1908cb119a4585611d91461ab6d27756b14"},{"fixed":"6489ec0107860345bc57dcde39e63dfb05ac5c11"},{"fixed":"b7ad75c77349beb4983b9f27108d9b3f33ae1413"},{"fixed":"b5c531a9a7d8e047c90c909f09cef06a9f8e62f4"},{"fixed":"c8f40a0bccefd613748d080147469a4652d6e74c"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-54117.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.17.0"},{"fixed":"6.1.53"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.4.16"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.5.0"},{"fixed":"6.5.3"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-54117.json"}}],"schema_version":"1.7.5"}