CVE-2023-53860: Use of a Non-reentrant Function in a Concurrent Context in Linux

Severity
4.7 MEDIUM
No vector
EPSS
0.0%
top 90.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Dec 9

Description

In the Linux kernel, the following vulnerability has been resolved:

dm: don't attempt to queue IO under RCU protection

dm looks up the table for IO based on the request type, with an assumption that if the request is marked REQ_NOWAIT, it's fine to attempt to submit that IO while under RCU read lock protection. This is not OK, as REQ_NOWAIT just means that we should not be sleeping waiting on other IO, it does not mean that we can't potentially schedule. A simple test case demonstrates this q

Affected Packages (4 packages)

debian    debian/linux    < linux 6.1.55-1 (bookworm)
Linux    linux/linux_kernel    5.19.0    6.1.55    +1
Debian    linux/linux_kernel    < 6.1.55-1    +2
CVEListV5    linux/linux    563a225c9fd207326c2a2af9d59b4097cb31ce70    d7b2abd87d1fcdb47811f90090a363e7ca15cb14    +3

🔴 Vulnerability Details

3
OSV
dm: don't attempt to queue IO under RCU protection (2025-12-09)
OSV
CVE-2023-53860: In the Linux kernel, the following vulnerability has been resolved: dm: don't attempt to queue IO under RCU protection dm looks up the table for IO ba (2025-12-09)
GHSA
GHSA-g5v9-7ppc-vg8p: In the Linux kernel, the following vulnerability has been resolved: dm: don't attempt to queue IO under RCU protection dm looks up the table for IO (2025-12-09)

📋 Vendor Advisories

2
Red Hat
kernel: dm: don't attempt to queue IO under RCU protection (2025-12-09)
Debian
CVE-2023-53860: linux - In the Linux kernel, the following vulnerability has been resolved: dm: don't a... (2023)

🕵️ Threat Intelligence

1
Wiz
CVE-2023-53860 Impact, Exploitability, and Mitigation Steps | Wiz