What is CVE-2023-54089?

CVE-2023-54089 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 6.3 onward and patched in 6.4.16, 6.5.3 and 6.6. CVE-2023-54089 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2023-54089?

CVE-2023-54089 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2023-54089?

Yes, CVE-2023-54089 has been patched. Fixed versions include 6.4.16, 6.5.3 and 6.6. If you are running Linux kernel 6.3 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2023-54089 actively exploited?

CVE-2023-54089 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2023-54089

In the Linux kernel, the following vulnerability has been resolved: virtio_pmem: add the missing REQ_OP_WRITE for flush bio When doing mkfs.xfs on a pmem device, the following warning was ------------[ cut here ]------------ WARNING: CPU: 2 PID: 384 at block/blk-core.c:751 submit_bio_noacct Modules linked in: CPU: 2 PID: 384 Comm: mkfs.xfs Not tainted 6.4.0-rc7+ #154 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) RIP: 0010:submit_bio_noacct+0x340/0x520 ...... Call Trace: <TASK> ? submit_bio_noacct+0xd5/0x520 submit_bio+0x37/0x60 async_pmem_flush+0x79/0xa0 nvdimm_flush+0x17/0x40 pmem_submit_bio+0x370/0x390 __submit_bio+0xbc/0x190 submit_bio_noacct_nocheck+0x14d/0x370 submit_bio_noacct+0x1ef/0x520 submit_bio+0x55/0x60 submit_bio_wait+0x5a/0xc0 blkdev_issue_flush+0x44/0x60 The root cause is that submit_bio_noacct() needs bio_op() is either WRITE or ZONE_APPEND for flush bio and async_pmem_flush() doesn't assign REQ_OP_WRITE when allocating flush bio, so submit_bio_noacct just fail the flush bio. Simply fix it by adding the missing REQ_OP_WRITE for flush bio. And we could fix the flush order issue and do flush optimization later.

Package Linux Kernel

Published 2025-12-24

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 6.3 and later are affected. Fixed in 6.4.16, 6.5.3, 6.6 and their respective stable series.

Affected from

≥ 6.3

Fixed in

✓ 6.4.16 6.4.x ✓ 6.5.3 6.5.x ✓ 6.6

References

The following references provide additional information about CVE-2023-54089 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/c1dbd8a849183b9c12d257ad3043ecec50db50b3
Patch
Kernel patch commit
https://git.kernel.org/stable/c/c7ab7e45ccef209809f8c2b00f497deec06b29c0
Patch
Kernel patch commit
https://git.kernel.org/stable/c/e39e870e1e683a71d3d2e63e661a5695f60931a7
Patch

Frequently asked questions

What is CVE-2023-54089?

CVE-2023-54089 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 6.3 onward and has been patched in 6.4.16, 6.5.3 and 6.6. CVE-2023-54089 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2023-54089?

Yes — CVE-2023-54089 has been patched. Fixed versions include 6.4.16, 6.5.3 and 6.6. If you are running Linux kernel 6.3 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2023-54089 actively exploited?

No — CVE-2023-54089 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.