CVE-2023-54257
Description
In the Linux kernel, the following vulnerability has been resolved:
net: macb: fix a memory corruption in extended buffer descriptor mode
For quite some time we were chasing a bug which looked like a sudden permanent failure of networking and mmc on some of our devices. The bug was very sensitive to any software changes and even more to any kernel debug options.
Finally we got a setup where the problem was reproducible with CONFIG_DMA_API_DEBUG=y and it revealed the issue with the rx dma:
[ 16.992082] ------------[ cut here ]------------
[ 16.996779] DMA-API: macb ff0b0000.ethernet: device driver tries to free DMA memory it has not allocated [device address=0x0000000875e3e244] [size=1536 bytes]
[ 17.011049] WARNING: CPU: 0 PID: 85 at kernel/dma/debug.c:1011 check_unmap+0x6a0/0x900
[ 17.018977] Modules linked in: xxxxx
[ 17.038823] CPU: 0 PID: 85 Comm: irq/55-8000f000 Not tainted 5.4.0 #28
[ 17.045345] Hardware name: xxxxx
[ 17.049528] pstate: 60000005 (nZCv daif -PAN -UAO)
[ 17.054322] pc : check_unmap+0x6a0/0x900
[ 17.058243] lr : check_unmap+0x6a0/0x900
[ 17.062163] sp : ffffffc010003c40
[ 17.065470] x29: ffffffc010003c40 x28: 000000004000c03c
[ 17.070783] x27: ffffffc010da7048 x26: ffffff8878e38800
[ 17.076095] x25: ffffff8879d22810 x24: ffffffc010003cc8
[ 17.081407] x23: 0000000000000000 x22: ffffffc010a08750
[ 17.086719] x21: ffffff8878e3c7c0 x20: ffffffc010acb000
[ 17.092032] x19: 0000000875e3e244 x18: 0000000000000010
[ 17.097343] x17: 0000000000000000 x16: 0000000000000000
[ 17.102647] x15: ffffff8879e4a988 x14: 0720072007200720
[ 17.107959] x13: 0720072007200720 x12: 0720072007200720
[ 17.113261] x11: 0720072007200720 x10: 0720072007200720
[ 17.118565] x9 : 0720072007200720 x8 : 000000000000022d
[ 17.123869] x7 : 0000000000000015 x6 : 0000000000000098
[ 17.129173] x5 : 0000000000000000 x4 : 0000000000000000
[ 17.134475] x3 : 00000000ffffffff x2 : ffffffc010a1d370
[ 17.139778] x1 : b420c9d75d27bb00 x0 : 0000000000000000
[ 17.145082] Call trace:
[ 17.147524] check_unmap+0x6a0/0x900
[ 17.151091] debug_dma_unmap_page+0x88/0x90
[ 17.155266] gem_rx+0x114/0x2f0
[ 17.158396] macb_poll+0x58/0x100
[ 17.161705] net_rx_action+0x118/0x400
[ 17.165445] __do_softirq+0x138/0x36c
[ 17.169100] irq_exit+0x98/0xc0
[ 17.172234] __handle_domain_irq+0x64/0xc0
[ 17.176320] gic_handle_irq+0x5c/0xc0
[ 17.179974] el1_irq+0xb8/0x140
[ 17.183109] xiic_process+0x5c/0xe30
[ 17.186677] irq_thread_fn+0x28/0x90
[ 17.190244] irq_thread+0x208/0x2a0
[ 17.193724] kthread+0x130/0x140
[ 17.196945] ret_from_fork+0x10/0x20
[ 17.200510] ---[ end trace 7240980785f81d6f ]---

[ 237.021490] ------------[ cut here ]------------
[ 237.026129] DMA-API: exceeded 7 overlapping mappings of cacheline 0x0000000021d79e7b
[ 237.033886] WARNING: CPU: 0 PID: 0 at kernel/dma/debug.c:499 add_dma_entry+0x214/0x240
[ 237.041802] Modules linked in: xxxxx
[ 237.061637] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 5.4.0 #28
[ 237.068941] Hardware name: xxxxx
[ 237.073116] pstate: 80000085 (Nzcv daIf -PAN -UAO)
[ 237.077900] pc : add_dma_entry+0x214/0x240
[ 237.081986] lr : add_dma_entry+0x214/0x240
[ 237.086072] sp : ffffffc010003c30
[ 237.089379] x29: ffffffc010003c30 x28: ffffff8878a0be00
[ 237.094683] x27: 0000000000000180 x26: ffffff8878e387c0
[ 237.099987] x25: 0000000000000002 x24: 0000000000000000
[ 237.105290] x23: 000000000000003b x22: ffffffc010a0fa00
[ 237.110594] x21: 0000000021d79e7b x20: ffffffc010abe600
[ 237.115897] x19: 00000000ffffffef x18: 0000000000000010
[ 237.121201] x17: 0000000000000000 x16: 0000000000000000
[ 237.126504] x15: ffffffc010a0fdc8 x14: 0720072007200720
[ 237.131807] x13: 0720072007200720 x12: 0720072007200720
[ 237.137111] x11: 0720072007200720 x10: 0720072007200720
[ 237.142415] x9 : 0720072007200720 x8 : 0000000000000259
[ 237.147718] x7 : 0000000000000001 x6 : 0000000000000000
[ 237.15302 ---truncated---
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A memory corruption vulnerability in the Linux kernel's Cadence MACB Ethernet driver, triggered by incorrect buffer management in extended descriptor mode, can cause system instability.
Vulnerability Analysis
CVE-2023-54257 is a memory corruption vulnerability in the Linux kernel's Cadence MACB Ethernet driver. The root cause lies in the driver's handling of receive (RX) DMA buffers when operating in extended buffer descriptor (BD) mode. Under certain conditions the driver frees DMA memory that it did not allocate, leading to memory corruption. This was discovered through the use of CONFIG_DMA_API_DEBUG, which caught the driver attempting to unmap a DMA region it had not allocated. The issue is demonstrated by a kernel warning trace showing the problematic address 0x0000000875e3e244 [1].
Attack Vector and Exploitation
The vulnerability is triggered during normal networking operations when the kernel receives packets and attempts to manage the RX descriptor rings. The affected function is a part of the error recovery or descriptor management path. The attack surface is the networking stack accessible to any party sending packets to a device using the Cadence MACB driver. While the bug is reproducible without specific attacker actions, it is a reliability flaw rather than a direct security vulnerability. Exploitation would require an attacker to trigger the specific hardware/software conditions that cause the DMA mapping inconsistency. The bug was noted to be very sensitive to software changes and kernel debug options.
Impact
The primary impact is system instability leading to a permanent failure of networking and potentially other hardware components like MMC (MultiMediaCard). The kernel warning indicates a potential memory corruption that could lead to a system crash (panic) or undefined behavior. The vulnerability affects the stability of running systems, making it a correctness and reliability issue in the Linux kernel's networking subsystem.
Mitigation
Patches have been applied to the Linux kernel stable trees. The fix addresses the DMA memory management by ensuring correct allocation and deallocation in extended BD mode. Users should update their Linux kernel to a version containing the fix from commits like those referenced in [1], [2], and [3]. There is no known workaround for this bug other than applying the kernel update.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 8
5dcf3a6843d0, e8b744535558, dd7a49a3eaf7, 82e626af2468, 7169d1638824, 1bec9da233f7, 7ccc58a1a756, 9412a9bf5952
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (8)
- git.kernel.org/stable/c/1bec9da233f779e7b6954ee07ad7e6d8f2a4dd83 (nvd)
- git.kernel.org/stable/c/5dcf3a6843d0d7cc76960fbe8511d425f217744c (nvd)
- git.kernel.org/stable/c/7169d1638824c4bf7e0fe0baad381ddec861fa70 (nvd)
- git.kernel.org/stable/c/7ccc58a1a75601c936069d4a0741940623990ade (nvd)
- git.kernel.org/stable/c/82e626af24683e01211abe66cec27a387f8f17c9 (nvd)
- git.kernel.org/stable/c/9412a9bf5952cdf5d0f736cc1e8c68fd366c2d47 (nvd)
- git.kernel.org/stable/c/dd7a49a3eaf723a01b2fdf153f98450a82b0b0fe (nvd)
- git.kernel.org/stable/c/e8b74453555872851bdd7ea43a7c0ec39659834f (nvd)