{
  "affected": [
    {
      "ecosystem_specific": {
        "urgency": "not yet assigned"
      },
      "package": {
        "ecosystem": "Debian:13",
        "name": "linux"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.3.7-1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "ecosystem_specific": {
        "urgency": "not yet assigned"
      },
      "package": {
        "ecosystem": "Debian:14",
        "name": "linux"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.3.7-1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "In the Linux kernel, the following vulnerability has been resolved:  iommufd: Do not corrupt the pfn list when doing batch carry  If batch-\u003eend is 0 then setting npfns[0] before computing the new value of pfns will fail to adjust the pfn and result in various page accounting corruptions. It should be ordered after.  This seems to result in various kinds of page meta-data corruption related failures:    WARNING: CPU: 1 PID: 527 at mm/gup.c:75 try_grab_folio+0x503/0x740   Modules linked in:   CPU: 1 PID: 527 Comm: repro Not tainted 6.3.0-rc2-eeac8ede1755+ #1   Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014   RIP: 0010:try_grab_folio+0x503/0x740   Code: e3 01 48 89 de e8 6d c1 dd ff 48 85 db 0f 84 7c fe ff ff e8 4f bf dd ff 49 8d 47 ff 48 89 45 d0 e9 73 fe ff ff e8 3d bf dd ff \u003c0f\u003e 0b 31 db e9 d0 fc ff ff e8 2f bf dd ff 48 8b 5d c8 31 ff 48 89   RSP: 0018:ffffc90000f37908 EFLAGS: 00010046   RAX: 0000000000000000 RBX: 00000000fffffc02 RCX: ffffffff81504c26   RDX: 0000000000000000 RSI: ffff88800d030000 RDI: 0000000000000002   RBP: ffffc90000f37948 R08: 000000000003ca24 R09: 0000000000000008   R10: 000000000003ca00 R11: 0000000000000023 R12: ffffea000035d540   R13: 0000000000000001 R14: 0000000000000000 R15: ffffea000035d540   FS:  00007fecbf659740(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000   CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033   CR2: 00000000200011c3 CR3: 000000000ef66006 CR4: 0000000000770ee0   PKRU: 55555554   Call Trace:    \u003cTASK\u003e    internal_get_user_pages_fast+0xd32/0x2200    pin_user_pages_fast+0x65/0x90    pfn_reader_user_pin+0x376/0x390    pfn_reader_next+0x14a/0x7b0    pfn_reader_first+0x140/0x1b0    iopt_area_fill_domain+0x74/0x210    iopt_table_add_domain+0x30e/0x6e0    iommufd_device_selftest_attach+0x7f/0x140    iommufd_test+0x10ff/0x16f0    iommufd_fops_ioctl+0x206/0x330    __x64_sys_ioctl+0x10e/0x160    do_syscall_64+0x3b/0x90    entry_SYSCALL_64_after_hwframe+0x72/0xdc",
  "id": "DEBIAN-CVE-2023-53236",
  "modified": "2026-04-28T19:51:17.008492248Z",
  "published": "2025-09-15T15:15:50.660Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://security-tracker.debian.org/tracker/CVE-2023-53236"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "upstream": [
    "CVE-2023-53236"
  ]
}