What is CVE-2023-54278?

CVE-2023-54278 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 6.3 onward and patched in 6.4.10 and 6.5. CVE-2023-54278 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2023-54278?

CVE-2023-54278 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2023-54278?

Yes, CVE-2023-54278 has been patched. Fixed versions include 6.4.10 and 6.5. If you are running Linux kernel 6.3 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2023-54278 actively exploited?

CVE-2023-54278 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2023-54278

In the Linux kernel, the following vulnerability has been resolved: s390/vmem: split pages when debug pagealloc is enabled Since commit bb1520d581a3 ("s390/mm: start kernel with DAT enabled") the kernel crashes early during boot when debug pagealloc is enabled: mem auto-init: stack:off, heap alloc:off, heap free:off addressing exception: 0005 ilc:2 [#1] SMP DEBUG_PAGEALLOC Modules linked in: CPU: 0 PID: 0 Comm: swapper Not tainted 6.5.0-rc3-09759-gc5666c912155 #630 [..] Krnl Code: 00000000001325f6: ec5600248064 cgrj %r5,%r6,8,000000000013263e 00000000001325fc: eb880002000c srlg %r8,%r8,2 #0000000000132602: b2210051 ipte %r5,%r1,%r0,0 >0000000000132606: b90400d1 lgr %r13,%r1 000000000013260a: 41605008 la %r6,8(%r5) 000000000013260e: a7db1000 aghi %r13,4096 0000000000132612: b221006d ipte %r6,%r13,%r0,0 0000000000132616: e3d0d0000171 lay %r13,4096(%r13) Call Trace: __kernel_map_pages+0x14e/0x320 __free_pages_ok+0x23a/0x5a8) free_low_memory_core_early+0x214/0x2c8 memblock_free_all+0x28/0x58 mem_init+0xb6/0x228 mm_core_init+0xb6/0x3b0 start_kernel+0x1d2/0x5a8 startup_continue+0x36/0x40 Kernel panic - not syncing: Fatal exception: panic_on_oops This is caused by using large mappings on machines with EDAT1/EDAT2. Add the code to split the mappings into 4k pages if debug pagealloc is enabled by CONFIG_DEBUG_PAGEALLOC_ENABLE_DEFAULT or the debug_pagealloc kernel command line option.

Package Linux Kernel

Published 2025-12-30

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 6.3 and later are affected. Fixed in 6.4.10, 6.5 and their respective stable series.

Affected from

≥ 6.3

Fixed in

✓ 6.4.10 6.4.x ✓ 6.5

References

The following references provide additional information about CVE-2023-54278 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/601e467e29a960f7ab7ec4075afc6a68c3532a65
Patch
Kernel patch commit
https://git.kernel.org/stable/c/edc1e4b6e26536868ef819a735e04a5b32c10589
Patch

Frequently asked questions

What is CVE-2023-54278?

CVE-2023-54278 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 6.3 onward and has been patched in 6.4.10 and 6.5. CVE-2023-54278 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2023-54278?

Yes — CVE-2023-54278 has been patched. Fixed versions include 6.4.10 and 6.5. If you are running Linux kernel 6.3 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2023-54278 actively exploited?

No — CVE-2023-54278 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.