CVE-2023-53590: Improper Locking in Linux

Severity
5.5 MEDIUM (NVD)
EPSS
0.0%
top 98.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Oct 4

Description

In the Linux kernel, the following vulnerability has been resolved:

sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop

With this refcnt added in sctp_stream_priorities, we don't need to traverse all streams to check if the prio is used by other streams when freeing one stream's prio in sctp_sched_prio_free_sid(). This can avoid a nested loop (up to 65535 * 65535), which may cause a stuck as Ying reported:

watchdog: BUG: soft lockup - CPU#23 stuck for 26s! [ksoftirqd/23:136] C

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (4 packages)

NVD | linux/linux_kernel | 5.4.226 | 5.4.235 | +6
Debian | linux/linux_kernel | < 5.10.178-1 | +3
CVEListV5 | linux/linux | a7555681e50bdebed2c40ff7404ee73c2e932993 | cec326443f01283ef68ea00c06ea073b1835a562 | +7
debian | debian/linux | < linux 6.1.20-1 (bookworm)

Patches

🔴 Vulnerability Details

2
GHSA
GHSA-h343-797x-8cg9: In the Linux kernel, the following vulnerability has been resolved: sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop With this re | 2025-10-04
OSV
CVE-2023-53590: In the Linux kernel, the following vulnerability has been resolved: sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop With this refc | 2025-10-04

📋 Vendor Advisories

2
Red Hat
kernel: sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop | 2025-10-04
Debian
CVE-2023-53590: linux - In the Linux kernel, the following vulnerability has been resolved: sctp: add a... | 2023