CVE-2023-53728Time-of-check Time-of-use (TOCTOU) Race Condition in Linux

CWE-367Time-of-check Time-of-use (TOCTOU) Race Condition6 documents5 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 88.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedOct 22

Description

In the Linux kernel, the following vulnerability has been resolved: posix-timers: Ensure timer ID search-loop limit is valid posix_timer_add() tries to allocate a posix timer ID by starting from the cached ID which was stored by the last successful allocation. This is done in a loop searching the ID space for a free slot one by one. The loop has to terminate when the search wrapped around to the starting point. But that's racy vs. establishing the starting point. That is read out lockless, w

Affected Packages4 packages

Linuxlinux/linux_kernel3.10.04.14.322+6
Debianlinux/linux_kernel< 5.10.191-1+3
CVEListV5linux/linux5ed67f05f66c41e39880a6d61358438a25f9fee58dc52c200b889bc1cb34288fbf623d4ff381d2ae+8
debiandebian/linux< linux 6.1.112-1 (bookworm)

🔴Vulnerability Details

3
OSV
CVE-2023-53728: In the Linux kernel, the following vulnerability has been resolved: posix-timers: Ensure timer ID search-loop limit is valid posix_timer_add() tries t2025-10-22
OSV
posix-timers: Ensure timer ID search-loop limit is valid2025-10-22
GHSA
GHSA-2cvf-73cf-jrw5: In the Linux kernel, the following vulnerability has been resolved: posix-timers: Ensure timer ID search-loop limit is valid posix_timer_add() tries2025-10-22

📋Vendor Advisories

2
Red Hat
kernel: posix-timers: Ensure timer ID search-loop limit is valid2025-10-22
Debian
CVE-2023-53728: linux - In the Linux kernel, the following vulnerability has been resolved: posix-timer...2023