CVE-2023-53731Deadlock in Linux

CWE-833Deadlock7 documents6 sources
Severity
5.5MEDIUM
No vector
EPSS
0.1%
top 80.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedOct 22
Latest updateJan 27

Description

In the Linux kernel, the following vulnerability has been resolved: netlink: fix potential deadlock in netlink_set_err() syzbot reported a possible deadlock in netlink_set_err() [1] A similar issue was fixed in commit 1d482e666b8e ("netlink: disable IRQs for netlink_lock_table()") in netlink_lock_table() This patch adds IRQ safety to netlink_set_err() and __netlink_diag_dump() which were not covered by cited commit. [1] WARNING: possible irq lock inversion dependency detected 6.4.0-rc6-syz

Affected Packages5 packages

Linuxlinux/linux_kernel4.15.04.19.291+7
Debianlinux/linux_kernel< 5.10.191-1+3
CVEListV5linux/linux82b2ea5f904b3826934df4a00f3b8806272185f6c09e8e3f7fd432984bf5422302b093d2371dfc48+12
debiandebian/linux< linux 6.1.52-1 (bookworm)

🔴Vulnerability Details

3
OSV
netlink: fix potential deadlock in netlink_set_err()2025-10-22
GHSA
GHSA-cj8f-58h8-h475: In the Linux kernel, the following vulnerability has been resolved: netlink: fix potential deadlock in netlink_set_err() syzbot reported a possible2025-10-22
OSV
CVE-2023-53731: In the Linux kernel, the following vulnerability has been resolved: netlink: fix potential deadlock in netlink_set_err() syzbot reported a possible de2025-10-22

📋Vendor Advisories

3
Chrome
Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2023-537312026-01-27
Red Hat
kernel: Kernel: Denial of Service due to a Netlink subsystem deadlock2025-10-22
Debian
CVE-2023-53731: linux - In the Linux kernel, the following vulnerability has been resolved: netlink: fi...2023