CVE-2023-54278
Description
In the Linux kernel, the following vulnerability has been resolved:
s390/vmem: split pages when debug pagealloc is enabled
Since commit bb1520d581a3 ("s390/mm: start kernel with DAT enabled") the kernel crashes early during boot when debug pagealloc is enabled:
mem auto-init: stack:off, heap alloc:off, heap free:off addressing exception: 0005 ilc:2 [#1] SMP DEBUG_PAGEALLOC Modules linked in: CPU: 0 PID: 0 Comm: swapper Not tainted 6.5.0-rc3-09759-gc5666c912155 #630 [..] Krnl Code: 00000000001325f6: ec5600248064 cgrj %r5,%r6,8,000000000013263e 00000000001325fc: eb880002000c srlg %r8,%r8,2 #0000000000132602: b2210051 ipte %r5,%r1,%r0,0 >0000000000132606: b90400d1 lgr %r13,%r1 000000000013260a: 41605008 la %r6,8(%r5) 000000000013260e: a7db1000 aghi %r13,4096 0000000000132612: b221006d ipte %r6,%r13,%r0,0 0000000000132616: e3d0d0000171 lay %r13,4096(%r13)
Call Trace: __kernel_map_pages+0x14e/0x320 __free_pages_ok+0x23a/0x5a8) free_low_memory_core_early+0x214/0x2c8 memblock_free_all+0x28/0x58 mem_init+0xb6/0x228 mm_core_init+0xb6/0x3b0 start_kernel+0x1d2/0x5a8 startup_continue+0x36/0x40 Kernel panic - not syncing: Fatal exception: panic_on_oops
This is caused by using large mappings on machines with EDAT1/EDAT2. Add the code to split the mappings into 4k pages if debug pagealloc is enabled by CONFIG_DEBUG_PAGEALLOC_ENABLE_DEFAULT or the debug_pagealloc kernel command line option.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A Linux kernel bug on s390 causes a boot crash when debug pagealloc is enabled, because large memory mappings are not split into 4k pages.
Vulnerability
CVE-2023-54278 is a vulnerability in the Linux kernel affecting the s390 architecture. The root cause is that when debug pagealloc is enabled (either via CONFIG_DEBUG_PAGEALLOC_ENABLE_DEFAULT or the debug_pagealloc kernel command line option), the kernel uses large memory mappings on machines with EDAT1/EDAT2 support. This leads to a crash early during boot because the __kernel_map_pages function expects 4k pages but encounters larger mappings [1].
Exploitation
The vulnerability is triggered during the boot process, specifically in the __kernel_map_pages function called from __free_pages_ok and free_low_memory_core_early. The crash occurs as a kernel panic with an addressing exception. No special attacker access is required; the bug manifests automatically when the kernel is configured with debug pagealloc enabled on s390 systems with EDAT1/EDAT2. The attack surface is limited to local system boot, but it prevents the system from starting, resulting in a denial of service [1].
Impact
An attacker with the ability to enable debug pagealloc (e.g., via kernel command line or config) can cause a denial of service by preventing the system from booting. The impact is a system crash early in the boot process, making the system unusable. There is no indication of data corruption or privilege escalation; the primary consequence is a denial of service [1].
Mitigation
The fix, introduced in commit 601e467e29a9, adds code to split large mappings into 4k pages when debug pagealloc is enabled. This ensures compatibility with the page-level tracking required by debug pagealloc. The patch is included in stable kernel updates. Users should apply the latest kernel updates from their distribution. No workaround is mentioned other than disabling debug pagealloc if the fix cannot be applied [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
2601e467e29a9edc1e4b6e265Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
2News mentions
0No linked articles in our index yet.