CVE-2023-54108
In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests

The following message and call trace was seen with debug kernels:

    DMA-API: qla2xxx 0000:41:00.0: device driver failed to check map error [device address=0x00000002a3ff38d8] [size=1024 bytes] [mapped as single]
    WARNING: CPU: 0 PID: 2930 at kernel/dma/debug.c:1017 check_unmap+0xf42/0x1990
    Call Trace:
    debug_dma_unmap_page+0xc9/0x100
    qla_nvme_ls_unmap+0x141/0x210 [qla2xxx]

Remove DMA mapping from the driver altogether, as it is already done by FC layer. This prevents the warning.
Affected versions
Linux kernel versions 5.4.189, 5.10.110, 5.15.33, 5.16.19, 5.17.2, 5.18 and later are affected. Fixed in 5.4.235, 5.10.173, 5.15.99, 6.1.16, 6.2.3, 6.3 and their respective stable series.
References
The following references provide additional information about CVE-2023-54108 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
- Patch: Kernel patch commit: https://git.kernel.org/stable/c/3a564de3a299856f2cbd289649cea2e20d671a43
- Patch: Kernel patch commit: https://git.kernel.org/stable/c/3ee4f1991c54c6707aa9df47e51c02ea25bb63e3
- Patch: Kernel patch commit: https://git.kernel.org/stable/c/77302fb0e357da666d5249a6e91078feeef3dade
Frequently asked questions
- What is CVE-2023-54108?
  CVE-2023-54108 is an unscored-severity Linux kernel vulnerability. It affects Linux kernel versions from 5.4.189 onward and has been patched in 5.4.235, 5.10.173, 5.15.99 and others. CVE-2023-54108 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
- Is there a patch available for CVE-2023-54108?
  Yes, CVE-2023-54108 has been patched. Fixed versions include 5.4.235, 5.10.173, 5.15.99 and others. If you are running Linux kernel 5.4.189 or later up to the fix versions, apply the relevant patch for your kernel branch.
- Is CVE-2023-54108 actively exploited?
  No, CVE-2023-54108 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.