CVE-2023-53799 — Context Switching Race Condition in Linux

CWE-368 — Context Switching Race Condition6 documents5 sources

Severity

4.7MEDIUM

No vector

EPSS

0.0%

top 85.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 9

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: api - Use work queue in crypto_destroy_instance The function crypto_drop_spawn expects to be called in process context. However, when an instance is unregistered while it still has active users, the last user may cause the instance to be freed in atomic context. Fix this by delaying the freeing to a work queue.

Affected Packages4 packages

▶Linuxlinux/linux_kernel2.6.19 — 5.10.195+4

▶Debianlinux/linux_kernel< 5.10.197-1+3

▶CVEListV5linux/linux6bfd48096ff8ecabf955958b51ddfa7988eb0a14 — 625bf86bf53eb7a8ee60fb9dc45b272b77e5ce1c+6

▶debiandebian/linux< linux 6.1.55-1 (bookworm)

🔴Vulnerability Details

OSV

crypto: api - Use work queue in crypto_destroy_instance↗2025-12-09

▶

OSV

CVE-2023-53799: In the Linux kernel, the following vulnerability has been resolved: crypto: api - Use work queue in crypto_destroy_instance The function crypto_drop_s↗2025-12-09

▶

GHSA

GHSA-cp5p-6f9j-7hj2: In the Linux kernel, the following vulnerability has been resolved: crypto: api - Use work queue in crypto_destroy_instance The function crypto_drop↗2025-12-09

▶

📋Vendor Advisories

Red Hat

kernel: crypto: api - Use work queue in crypto_destroy_instance↗2025-12-09

▶

Debian

CVE-2023-53799: linux - In the Linux kernel, the following vulnerability has been resolved: crypto: api...↗2023

▶