CVE-2023-53694: Improper Synchronization in Linux

Severity: 5.5 MEDIUM (no vector)
EPSS: 0.0% (top 93.65%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 22

Description

In the Linux kernel, the following vulnerability has been resolved:

riscv: ftrace: Fixup panic by disabling preemption

In RISCV, we must use an AUIPC + JALR pair to encode an immediate, forming a jump that jumps to an address over 4K. This may cause errors if we want to enable kernel preemption and remove dependency from patching code with stop_machine(). For example, if a task was switched out on auipc. And, if we changed the ftrace function before it was switched back, then it would jump to

Affected Packages (4 packages)

Linux  linux/linux_kernel  5.12.0  6.1.23  (+1)
Debian  linux/linux_kernel  < 6.1.25-1  (+2)
CVEListV5  linux/linux  afc76b8b80112189b6f11e67e19cf58301944814  84cfcf240f4a577733b1d98fcd2611a611612b03  (+3)
debian  debian/linux  < linux 6.1.25-1 (bookworm)

Vulnerability Details (3)

GHSA: GHSA-65c4-f76q-3c6g: In the Linux kernel, the following vulnerability has been resolved: riscv: ftrace: Fixup panic by disabling preemption In RISCV, we must use an AUIP (2025-10-22)
OSV: CVE-2023-53694: In the Linux kernel, the following vulnerability has been resolved: riscv: ftrace: Fixup panic by disabling preemption In RISCV, we must use an AUIPC (2025-10-22)
OSV: riscv: ftrace: Fixup panic by disabling preemption (2025-10-22)

Vendor Advisories (2)

Red Hat: kernel: riscv: ftrace: Fixup panic by disabling preemption (2025-10-22)
Debian: CVE-2023-53694: linux - In the Linux kernel, the following vulnerability has been resolved: riscv: ftra... (2023)