CVE-2023-54019Missing Release of Resource after Effective Lifetime in Linux

CWE-772Missing Release of Resource after Effective Lifetime7 documents6 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 93.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: sched/psi: use kernfs polling functions for PSI trigger polling Destroying psi trigger in cgroup_file_release causes UAF issues when a cgroup is removed from under a polling process. This is happening because cgroup removal causes a call to cgroup_file_release while the actual file is still alive. Destroying the trigger at this point would also destroy its waitqueue head and if there is still a polling process on that file acc

Affected Packages4 packages

Linuxlinux/linux_kernel5.2.06.1.42+1
Debianlinux/linux_kernel< 6.1.52-1+2
CVEListV5linux/linux0e94682b73bfa6c44c98af7a26771c9c08c055d592cc0153324b6ae8577a39f5bf2cd83c9a34ea6a+3
debiandebian/linux< linux 6.1.52-1 (bookworm)

🔴Vulnerability Details

3
OSV
sched/psi: use kernfs polling functions for PSI trigger polling2025-12-24
OSV
CVE-2023-54019: In the Linux kernel, the following vulnerability has been resolved: sched/psi: use kernfs polling functions for PSI trigger polling Destroying psi tri2025-12-24
GHSA
GHSA-j7pj-g3hv-5hcw: In the Linux kernel, the following vulnerability has been resolved: sched/psi: use kernfs polling functions for PSI trigger polling Destroying psi t2025-12-24

📋Vendor Advisories

2
Red Hat
kernel: sched/psi: use kernfs polling functions for PSI trigger polling2025-12-24
Debian
CVE-2023-54019: linux - In the Linux kernel, the following vulnerability has been resolved: sched/psi: ...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54019 Impact, Exploitability, and Mitigation Steps | Wiz