CVE-2023-52659: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type On 64-bit platforms, the pfn_to_kaddr() macro requires that the input value is 64 bits in order to ensure that valid address bits don't get lost when shifting that input by PAGE_SHIFT to calculate the physical address to provide a virtual address for. One such example is in pvalidate_pages() (used by SEV-SNP guests), where the GFN in the struct used for page-state change requests is a 40-bit bit-field, so attempts to pass this GFN field directly into pfn_to_kaddr() ends up causing guest crashes when dealing with addresses above the 1TB range due to the above. Fix this issue with SEV-SNP guests, as well as any similar cases that might cause issues in current/future code, by using an inline function, instead of a macro, so that the input is implicitly cast to the expected 64-bit input type prior to performing the shift operation. While it might be argued that the issue is on the caller side, other archs/macros have taken similar approaches to deal with instances like this, such as ARM explicitly casting the input to phys_addr_t: e48866647b48 ("ARM: 8396/1: use phys_addr_t in pfn_to_kaddr()") A C inline function is even better though. [ mingo: Refined the changelog some more & added __always_inline. ]
AI Analysis
Technical Summary
CVE-2023-52659 is a vulnerability identified in the Linux kernel affecting 64-bit platforms, specifically related to the handling of physical frame numbers (PFNs) in the pfn_to_kaddr() macro. The vulnerability arises because the macro expects a 64-bit input to correctly calculate the physical address by shifting the PFN by PAGE_SHIFT. However, in some cases, such as in the pvalidate_pages() function used by SEV-SNP (Secure Encrypted Virtualization - Secure Nested Paging) guests, the input PFN is a 40-bit bit-field (Guest Frame Number, GFN). Passing this smaller bit-field directly into the macro causes the upper bits to be lost during the shift operation, leading to incorrect address calculations. This can cause guest crashes when dealing with addresses above the 1TB range. The root cause is that the macro does not enforce or ensure the input is treated as a 64-bit value before shifting, which is critical for correct address computation on 64-bit architectures. The fix implemented replaces the macro with an inline function that implicitly casts the input to a 64-bit type before performing the shift, preventing the loss of significant bits and ensuring correct address translation. This approach aligns with similar fixes applied in other architectures like ARM, where phys_addr_t casting is used. While the issue might be considered a caller-side problem, the inline function solution is more robust and future-proof. The vulnerability affects Linux kernel versions identified by the commit hash 6c3211796326a9d35618b866826ca556c8f008a8 and was published on May 17, 2024. There are no known exploits in the wild at this time.
Potential Impact
For European organizations, the impact of CVE-2023-52659 primarily concerns systems running Linux kernels on 64-bit platforms that utilize SEV-SNP technology or similar virtualization features relying on pfn_to_kaddr() for address translation. SEV-SNP is used to enhance security in virtualized environments by encrypting guest memory, which is particularly relevant for cloud providers, data centers, and enterprises leveraging confidential computing. The vulnerability can cause guest virtual machines to crash when accessing memory addresses above 1TB, potentially leading to denial of service conditions in critical workloads. This could disrupt services, cause data availability issues, and impact business continuity. Although the vulnerability does not appear to allow privilege escalation or direct code execution, the instability and crashes in virtualized environments can have cascading effects on multi-tenant cloud infrastructures and sensitive workloads. Given the widespread adoption of Linux in European public and private sectors, including government, finance, and telecommunications, the risk of operational disruption is significant if unpatched systems are exploited or encounter this flaw. However, the lack of known exploits and the requirement for specific virtualization configurations somewhat limit the immediate threat scope.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernel versions to include the patch that replaces the pfn_to_kaddr() macro with the inline function ensuring 64-bit input casting. This update is critical for any systems running SEV-SNP guests or similar virtualization technologies that handle large memory addresses. System administrators should audit their environments to identify affected kernel versions and virtualization setups. Additionally, organizations should implement rigorous testing of kernel updates in staging environments to verify stability and compatibility with existing workloads. For cloud providers and data centers, monitoring guest VM crashes and memory-related errors can help detect potential exploitation or manifestation of this vulnerability. Where immediate patching is not feasible, limiting the use of memory addresses above 1TB in guest configurations or disabling SEV-SNP features temporarily could reduce crash risks. Finally, maintaining strong system inventory and patch management processes will ensure timely deployment of kernel updates as they become available.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Norway, Denmark, Italy, Spain
CVE-2023-52659: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type On 64-bit platforms, the pfn_to_kaddr() macro requires that the input value is 64 bits in order to ensure that valid address bits don't get lost when shifting that input by PAGE_SHIFT to calculate the physical address to provide a virtual address for. One such example is in pvalidate_pages() (used by SEV-SNP guests), where the GFN in the struct used for page-state change requests is a 40-bit bit-field, so attempts to pass this GFN field directly into pfn_to_kaddr() ends up causing guest crashes when dealing with addresses above the 1TB range due to the above. Fix this issue with SEV-SNP guests, as well as any similar cases that might cause issues in current/future code, by using an inline function, instead of a macro, so that the input is implicitly cast to the expected 64-bit input type prior to performing the shift operation. While it might be argued that the issue is on the caller side, other archs/macros have taken similar approaches to deal with instances like this, such as ARM explicitly casting the input to phys_addr_t: e48866647b48 ("ARM: 8396/1: use phys_addr_t in pfn_to_kaddr()") A C inline function is even better though. [ mingo: Refined the changelog some more & added __always_inline. ]
AI-Powered Analysis
Technical Analysis
CVE-2023-52659 is a vulnerability identified in the Linux kernel affecting 64-bit platforms, specifically related to the handling of physical frame numbers (PFNs) in the pfn_to_kaddr() macro. The vulnerability arises because the macro expects a 64-bit input to correctly calculate the physical address by shifting the PFN by PAGE_SHIFT. However, in some cases, such as in the pvalidate_pages() function used by SEV-SNP (Secure Encrypted Virtualization - Secure Nested Paging) guests, the input PFN is a 40-bit bit-field (Guest Frame Number, GFN). Passing this smaller bit-field directly into the macro causes the upper bits to be lost during the shift operation, leading to incorrect address calculations. This can cause guest crashes when dealing with addresses above the 1TB range. The root cause is that the macro does not enforce or ensure the input is treated as a 64-bit value before shifting, which is critical for correct address computation on 64-bit architectures. The fix implemented replaces the macro with an inline function that implicitly casts the input to a 64-bit type before performing the shift, preventing the loss of significant bits and ensuring correct address translation. This approach aligns with similar fixes applied in other architectures like ARM, where phys_addr_t casting is used. While the issue might be considered a caller-side problem, the inline function solution is more robust and future-proof. The vulnerability affects Linux kernel versions identified by the commit hash 6c3211796326a9d35618b866826ca556c8f008a8 and was published on May 17, 2024. There are no known exploits in the wild at this time.
Potential Impact
For European organizations, the impact of CVE-2023-52659 primarily concerns systems running Linux kernels on 64-bit platforms that utilize SEV-SNP technology or similar virtualization features relying on pfn_to_kaddr() for address translation. SEV-SNP is used to enhance security in virtualized environments by encrypting guest memory, which is particularly relevant for cloud providers, data centers, and enterprises leveraging confidential computing. The vulnerability can cause guest virtual machines to crash when accessing memory addresses above 1TB, potentially leading to denial of service conditions in critical workloads. This could disrupt services, cause data availability issues, and impact business continuity. Although the vulnerability does not appear to allow privilege escalation or direct code execution, the instability and crashes in virtualized environments can have cascading effects on multi-tenant cloud infrastructures and sensitive workloads. Given the widespread adoption of Linux in European public and private sectors, including government, finance, and telecommunications, the risk of operational disruption is significant if unpatched systems are exploited or encounter this flaw. However, the lack of known exploits and the requirement for specific virtualization configurations somewhat limit the immediate threat scope.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernel versions to include the patch that replaces the pfn_to_kaddr() macro with the inline function ensuring 64-bit input casting. This update is critical for any systems running SEV-SNP guests or similar virtualization technologies that handle large memory addresses. System administrators should audit their environments to identify affected kernel versions and virtualization setups. Additionally, organizations should implement rigorous testing of kernel updates in staging environments to verify stability and compatibility with existing workloads. For cloud providers and data centers, monitoring guest VM crashes and memory-related errors can help detect potential exploitation or manifestation of this vulnerability. Where immediate patching is not feasible, limiting the use of memory addresses above 1TB in guest configurations or disabling SEV-SNP features temporarily could reduce crash risks. Finally, maintaining strong system inventory and patch management processes will ensure timely deployment of kernel updates as they become available.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-03-07T14:49:46.884Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9830c4522896dcbe7209
Added to database: 5/21/2025, 9:09:04 AM
Last enriched: 7/1/2025, 5:25:31 AM
Last updated: 7/31/2025, 5:12:17 PM
Views: 14
Related Threats
CVE-2025-9091: Hard-coded Credentials in Tenda AC20
LowCVE-2025-9090: Command Injection in Tenda AC20
MediumCVE-2025-9092: CWE-400 Uncontrolled Resource Consumption in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0
LowCVE-2025-9089: Stack-based Buffer Overflow in Tenda AC20
HighCVE-2025-9088: Stack-based Buffer Overflow in Tenda AC20
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.