CVE-2023-54267
Description
In the Linux kernel, the following vulnerability has been resolved:
powerpc/pseries: Rework lppaca_shared_proc() to avoid DEBUG_PREEMPT
lppaca_shared_proc() takes a pointer to the lppaca which is typically accessed through get_lppaca(). With DEBUG_PREEMPT enabled, this leads to checking if preemption is enabled, for example:
BUG: using smp_processor_id() in preemptible [00000000] code: grep/10693 caller is lparcfg_data+0x408/0x19a0 CPU: 4 PID: 10693 Comm: grep Not tainted 6.5.0-rc3 #2 Call Trace: dump_stack_lvl+0x154/0x200 (unreliable) check_preemption_disabled+0x214/0x220 lparcfg_data+0x408/0x19a0 ...
This isn't actually a problem however, as it does not matter which lppaca is accessed, the shared proc state will be the same. vcpudispatch_stats_procfs_init() already works around this by disabling preemption, but the lparcfg code does not, erroring any time /proc/powerpc/lparcfg is accessed with DEBUG_PREEMPT enabled.
Instead of disabling preemption on the caller side, rework lppaca_shared_proc() to not take a pointer and instead directly access the lppaca, bypassing any potential preemption checks.
[mpe: Rework to avoid needing a definition in paca.h and lppaca.h]
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Linux kernel powerpc/pseries bug triggers DEBUG_PREEMPT splat when reading /proc/powerpc/lparcfg; fixed by reworking lppaca_shared_proc().
Vulnerability
Description
The vulnerability is in the Linux kernel's powerpc/pseries code. The function lppaca_shared_proc() takes a pointer to the lppaca structure, typically obtained via get_lppaca(). When DEBUG_PREEMPT is enabled, using smp_processor_id() inside this function triggers a preemption check warning, resulting in a kernel splat. This is a false positive because the shared processor state is the same regardless of which lppaca is accessed.
Exploitation
Context
The attack surface is a local user accessing the /proc/powerpc/lparcfg file, which invokes the lparcfg_data function and triggers the splat. No special privileges are required beyond local access. This is not a security vulnerability that leads to privilege escalation or remote code execution, but it causes a denial-of-service-like kernel warning message.
Impact
The impact is limited to a kernel warning (a BUG splat) that can fill logs and potentially disrupt operation if monitored. There is no evidence of memory corruption or system compromise. The bug primarily affects systems running kernels with DEBUG_PREEMPT enabled, typically for debugging purposes.
Mitigation
The fix reworks lppaca_shared_proc() to directly access the lppaca without taking a pointer, bypassing the preemption checks. The patch has been applied to the stable kernel trees (commits [1] and [2]). Users should update to a patched kernel version.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
6953c54dfdc5d2935443dc9c24c8568cf4c453c5e8e666794f45ee5c07401eac030b22ea1Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
6- git.kernel.org/stable/c/2935443dc9c28499223d8c881474259e4b998f2anvd
- git.kernel.org/stable/c/3c5e8e666794d7dde6d14ea846c6c04f2bb34900nvd
- git.kernel.org/stable/c/4c8568cf4c45b415854195c8832b557cdefba57anvd
- git.kernel.org/stable/c/953c54dfdc5d3eb7243ed902b50acb5ea1db4355nvd
- git.kernel.org/stable/c/eac030b22ea12cdfcbb2e941c21c03964403c63fnvd
- git.kernel.org/stable/c/f45ee5c074013a0fbfce77a5af5efddb01f5d4f4nvd
News mentions
0No linked articles in our index yet.