VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 24, 2025· Updated Apr 15, 2026

CVE-2023-54089

CVE-2023-54089

Description

In the Linux kernel, the following vulnerability has been resolved:

virtio_pmem: add the missing REQ_OP_WRITE for flush bio

When doing mkfs.xfs on a pmem device, the following warning was

------------[ cut here ]------------ WARNING: CPU: 2 PID: 384 at block/blk-core.c:751 submit_bio_noacct Modules linked in: CPU: 2 PID: 384 Comm: mkfs.xfs Not tainted 6.4.0-rc7+ #154 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) RIP: 0010:submit_bio_noacct+0x340/0x520 ...... Call Trace:

? submit_bio_noacct+0xd5/0x520 submit_bio+0x37/0x60 async_pmem_flush+0x79/0xa0 nvdimm_flush+0x17/0x40 pmem_submit_bio+0x370/0x390 __submit_bio+0xbc/0x190 submit_bio_noacct_nocheck+0x14d/0x370 submit_bio_noacct+0x1ef/0x520 submit_bio+0x55/0x60 submit_bio_wait+0x5a/0xc0 blkdev_issue_flush+0x44/0x60

The root cause is that submit_bio_noacct() needs bio_op() is either WRITE or ZONE_APPEND for flush bio and async_pmem_flush() doesn't assign REQ_OP_WRITE when allocating flush bio, so submit_bio_noacct just fail the flush bio.

Simply fix it by adding the missing REQ_OP_WRITE for flush bio. And we could fix the flush order issue and do flush optimization later.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A missing REQ_OP_WRITE flag in the Linux kernel's virtio_pmem driver causes a kernel warning and potential denial of service when performing flush operations on persistent memory devices.

Vulnerability

In the Linux kernel's virtio_pmem driver, the async_pmem_flush() function allocates a flush bio without setting the REQ_OP_WRITE operation flag. The block layer's submit_bio_noacct() requires flush bios to have either REQ_OP_WRITE or REQ_OP_ZONE_APPEND, so the missing flag causes a kernel warning and the flush request fails [1].

Exploitation

The vulnerability is triggered during filesystem operations that issue flush requests, such as mkfs.xfs on a pmem device. An attacker with local access and the ability to trigger such operations (e.g., by mounting a filesystem on a virtio-pmem device) can cause the kernel warning. No special privileges beyond normal user access to the device are required [1].

Impact

The immediate impact is a kernel warning and a failed flush operation, which can lead to data integrity issues or denial of service. The warning may also be used to disrupt system stability. The fix adds the missing REQ_OP_WRITE flag to the flush bio [1].

Mitigation

The fix has been committed to the Linux kernel stable tree (commit e39e870e1e68). Users should apply the patch or update to a kernel version containing the fix. No workaround is mentioned [1].

References
  1. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

3
c7ab7e45ccef
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
c1dbd8a84918
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
e39e870e1e68
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

3

News mentions

0

No linked articles in our index yet.