What is CVE-2023-54267?

CVE-2023-54267 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 3.12 onward and patched in 5.10.195, 5.15.132, 6.1.53 and others. CVE-2023-54267 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2023-54267?

CVE-2023-54267 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2023-54267?

Yes, CVE-2023-54267 has been patched. Fixed versions include 5.10.195, 5.15.132, 6.1.53 and others. If you are running Linux kernel 3.12 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2023-54267 actively exploited?

CVE-2023-54267 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2023-54267

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Rework lppaca_shared_proc() to avoid DEBUG_PREEMPT lppaca_shared_proc() takes a pointer to the lppaca which is typically accessed through get_lppaca(). With DEBUG_PREEMPT enabled, this leads to checking if preemption is enabled, for example: BUG: using smp_processor_id() in preemptible [00000000] code: grep/10693 caller is lparcfg_data+0x408/0x19a0 CPU: 4 PID: 10693 Comm: grep Not tainted 6.5.0-rc3 #2 Call Trace: dump_stack_lvl+0x154/0x200 (unreliable) check_preemption_disabled+0x214/0x220 lparcfg_data+0x408/0x19a0 ... This isn't actually a problem however, as it does not matter which lppaca is accessed, the shared proc state will be the same. vcpudispatch_stats_procfs_init() already works around this by disabling preemption, but the lparcfg code does not, erroring any time /proc/powerpc/lparcfg is accessed with DEBUG_PREEMPT enabled. Instead of disabling preemption on the caller side, rework lppaca_shared_proc() to not take a pointer and instead directly access the lppaca, bypassing any potential preemption checks. [mpe: Rework to avoid needing a definition in paca.h and lppaca.h]

Package Linux Kernel

Published 2025-12-30

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 3.12 and later are affected. Fixed in 5.10.195, 5.15.132, 6.1.53, 6.4.16, 6.5.3, 6.6 and their respective stable series.

Affected from

≥ 3.12

Fixed in

✓ 5.10.195 5.10.x ✓ 5.15.132 5.15.x ✓ 6.1.53 6.1.x ✓ 6.4.16 6.4.x ✓ 6.5.3 6.5.x ✓ 6.6

References

The following references provide additional information about CVE-2023-54267 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/2935443dc9c28499223d8c881474259e4b998f2a
Patch
Kernel patch commit
https://git.kernel.org/stable/c/3c5e8e666794d7dde6d14ea846c6c04f2bb34900
Patch
Kernel patch commit
https://git.kernel.org/stable/c/4c8568cf4c45b415854195c8832b557cdefba57a
Patch

6 patch commits total View all on NVD

Frequently asked questions

What is CVE-2023-54267?

CVE-2023-54267 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 3.12 onward and has been patched in 5.10.195, 5.15.132, 6.1.53 and others. CVE-2023-54267 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2023-54267?

Yes — CVE-2023-54267 has been patched. Fixed versions include 5.10.195, 5.15.132, 6.1.53 and others. If you are running Linux kernel 3.12 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2023-54267 actively exploited?

No — CVE-2023-54267 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.