CVE-2023-0160 — Deadlock in Kernel

CWE-833 — Deadlock CWE-667 — Improper Locking8 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 98.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Fedoraproject Fedora +1 more

Timeline

PublishedJul 18

Latest updateJun 13

Description

A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/linux< linux 6.1.85-1 (bookworm)

▶NVDlinux/linux_kernel< 6.4

▶Debianlinux/linux_kernel< 5.10.216-1+3

▶msrcmsrc/cbl2_kernel_5.15.131.1-2_on_cbl_mariner_2.0

Also affects: Fedora 38

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

CVE-2023-0160: A deadlock flaw was found in the Linux kernel’s BPF subsystem↗2023-07-18

▶

GHSA

GHSA-m24r-p59v-q652: A deadlock flaw was found in the Linux kernel’s BPF subsystem↗2023-07-18

▶

📋Vendor Advisories

CISA ICS

Siemens TIM 1531 IRC↗2024-06-13

▶

CISA ICS

Siemens SCALANCE XCM-/XRM-300↗2024-02-15

▶

Microsoft

Possibility of deadlock in libbpf function sock_hash_delete_elem↗2023-07-11

▶

Red Hat

kernel: possibility of deadlock in libbpf function sock_hash_delete_elem↗2023-03-12

▶

Debian

CVE-2023-0160: linux - A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows ...↗2023

▶