ghsa-v2v9-hx36-32x2
Vulnerability from github
In the Linux kernel, the following vulnerability has been resolved:
virtio_pmem: add the missing REQ_OP_WRITE for flush bio
When doing mkfs.xfs on a pmem device, the following warning was
------------[ cut here ]------------ WARNING: CPU: 2 PID: 384 at block/blk-core.c:751 submit_bio_noacct Modules linked in: CPU: 2 PID: 384 Comm: mkfs.xfs Not tainted 6.4.0-rc7+ #154 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) RIP: 0010:submit_bio_noacct+0x340/0x520 ...... Call Trace: ? submit_bio_noacct+0xd5/0x520 submit_bio+0x37/0x60 async_pmem_flush+0x79/0xa0 nvdimm_flush+0x17/0x40 pmem_submit_bio+0x370/0x390 __submit_bio+0xbc/0x190 submit_bio_noacct_nocheck+0x14d/0x370 submit_bio_noacct+0x1ef/0x520 submit_bio+0x55/0x60 submit_bio_wait+0x5a/0xc0 blkdev_issue_flush+0x44/0x60
The root cause is that submit_bio_noacct() needs bio_op() is either WRITE or ZONE_APPEND for flush bio and async_pmem_flush() doesn't assign REQ_OP_WRITE when allocating flush bio, so submit_bio_noacct just fail the flush bio.
Simply fix it by adding the missing REQ_OP_WRITE for flush bio. And we could fix the flush order issue and do flush optimization later.
{
"affected": [],
"aliases": [
"CVE-2023-54089"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-24T13:16:10Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_pmem: add the missing REQ_OP_WRITE for flush bio\n\nWhen doing mkfs.xfs on a pmem device, the following warning was\n\n ------------[ cut here ]------------\n WARNING: CPU: 2 PID: 384 at block/blk-core.c:751 submit_bio_noacct\n Modules linked in:\n CPU: 2 PID: 384 Comm: mkfs.xfs Not tainted 6.4.0-rc7+ #154\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n RIP: 0010:submit_bio_noacct+0x340/0x520\n ......\n Call Trace:\n \u003cTASK\u003e\n ? submit_bio_noacct+0xd5/0x520\n submit_bio+0x37/0x60\n async_pmem_flush+0x79/0xa0\n nvdimm_flush+0x17/0x40\n pmem_submit_bio+0x370/0x390\n __submit_bio+0xbc/0x190\n submit_bio_noacct_nocheck+0x14d/0x370\n submit_bio_noacct+0x1ef/0x520\n submit_bio+0x55/0x60\n submit_bio_wait+0x5a/0xc0\n blkdev_issue_flush+0x44/0x60\n\nThe root cause is that submit_bio_noacct() needs bio_op() is either\nWRITE or ZONE_APPEND for flush bio and async_pmem_flush() doesn\u0027t assign\nREQ_OP_WRITE when allocating flush bio, so submit_bio_noacct just fail\nthe flush bio.\n\nSimply fix it by adding the missing REQ_OP_WRITE for flush bio. And we\ncould fix the flush order issue and do flush optimization later.",
"id": "GHSA-v2v9-hx36-32x2",
"modified": "2025-12-24T15:30:37Z",
"published": "2025-12-24T15:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-54089"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c1dbd8a849183b9c12d257ad3043ecec50db50b3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c7ab7e45ccef209809f8c2b00f497deec06b29c0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e39e870e1e683a71d3d2e63e661a5695f60931a7"
}
],
"schema_version": "1.4.0",
"severity": []
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.