CVE-2023-53577Missing Release of Memory after Effective Lifetime in Linux

CWE-401Missing Release of Memory after Effective LifetimeCWE-367Time-of-check Time-of-use (TOCTOU) Race Condition5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 96.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedOct 4

Description

In the Linux kernel, the following vulnerability has been resolved: bpf, cpumap: Make sure kthread is running before map update returns The following warning was reported when running stress-mode enabled xdp_redirect_cpu with some RT threads: ------------[ cut here ]------------ WARNING: CPU: 4 PID: 65 at kernel/bpf/cpumap.c:135 CPU: 4 PID: 65 Comm: kworker/4:1 Not tainted 6.5.0-rc2+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) Workqueue: events cpu_map_kthread_stop RIP: 0010:put_

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

NVDlinux/linux_kernel4.155.15.126+3
Debianlinux/linux_kernel< 6.1.52-1+2
CVEListV5linux/linux6710e1126934d8b4372b4d2f9ae1646cd3f151bfb44d28b98f185d2f2348aa3c3636838c316f889e+4
debiandebian/linux< linux 6.1.52-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
GHSA
GHSA-7977-f593-wgc3: In the Linux kernel, the following vulnerability has been resolved: bpf, cpumap: Make sure kthread is running before map update returns The followin2025-10-04
OSV
CVE-2023-53577: In the Linux kernel, the following vulnerability has been resolved: bpf, cpumap: Make sure kthread is running before map update returns The following2025-10-04

📋Vendor Advisories

2
Red Hat
kernel: bpf, cpumap: Make sure kthread is running before map update returns2025-10-04
Debian
CVE-2023-53577: linux - In the Linux kernel, the following vulnerability has been resolved: bpf, cpumap...2023