CVE-2023-53815Infinite Loop in Linux

CWE-835Infinite Loop6 documents5 sources
Severity
4.7MEDIUM
No vector
EPSS
0.0%
top 85.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 9

Description

In the Linux kernel, the following vulnerability has been resolved: posix-timers: Prevent RT livelock in itimer_delete() itimer_delete() has a retry loop when the timer is concurrently expired. On non-RT kernels this just spin-waits until the timer callback has completed, except for posix CPU timers which have HAVE_POSIX_CPU_TIMERS_TASK_WORK enabled. In that case and on RT kernels the existing task could live lock when preempting the task which does the timer delivery. Replace spin_unlock()

Affected Packages4 packages

Linuxlinux/linux_kernel5.4.05.10.188+4
Debianlinux/linux_kernel< 5.10.191-1+3
CVEListV5linux/linuxec8f954a40da8cd3d159713b608e901f0cd909a9f1be1ed32daa053484222f7f9beb2b16c624dffd+6
debiandebian/linux< linux 6.1.52-1 (bookworm)

🔴Vulnerability Details

3
OSV
CVE-2023-53815: In the Linux kernel, the following vulnerability has been resolved: posix-timers: Prevent RT livelock in itimer_delete() itimer_delete() has a retry l2025-12-09
GHSA
GHSA-qppf-xpg3-fxjq: In the Linux kernel, the following vulnerability has been resolved: posix-timers: Prevent RT livelock in itimer_delete() itimer_delete() has a retry2025-12-09
OSV
posix-timers: Prevent RT livelock in itimer_delete()2025-12-09

📋Vendor Advisories

2
Red Hat
kernel: posix-timers: Prevent RT livelock in itimer_delete()2025-12-09
Debian
CVE-2023-53815: linux - In the Linux kernel, the following vulnerability has been resolved: posix-timer...2023