CVE-2023-54149: Incorrect Synchronization in Linux

Severity
4.7 MEDIUM
No vector
EPSS
0.0%
top 93.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Dec 24

Description

In the Linux kernel, the following vulnerability has been resolved:

net: dsa: avoid suspicious RCU usage for synced VLAN-aware MAC addresses

When using the felix driver (the only one which supports UC filtering and MC filtering) as a DSA master for a random other DSA switch, one can see the following stack trace when the downstream switch ports join a VLAN-aware bridge:

WARNING: suspicious RCU usage
net/8021q/vlan_core.c:238 suspicious rcu_dereference_protected() usage!
stack backtrace: Work

Affected Packages (4 packages)

Linux  linux/linux_kernel  6.3.0  6.3.13  +1
Debian  linux/linux_kernel  < 6.4.4-1  +1
CVEListV5  linux/linux  64fdc5f341db01200e33105265d4b8450122a82e  3948c69b3837fec2ee5a90fbc911c343199be0ac  +4
debian  debian/linux  < linux 6.4.4-1 (forky)

🔴 Vulnerability Details (3)

OSV
net: dsa: avoid suspicious RCU usage for synced VLAN-aware MAC addresses - 2025-12-24
GHSA
GHSA-4vh9-h9jw-r347: In the Linux kernel, the following vulnerability has been resolved: net: dsa: avoid suspicious RCU usage for synced VLAN-aware MAC addresses When us - 2025-12-24
OSV
CVE-2023-54149: In the Linux kernel, the following vulnerability has been resolved: net: dsa: avoid suspicious RCU usage for synced VLAN-aware MAC addresses When usin - 2025-12-24

📋 Vendor Advisories (2)

Red Hat
kernel: net: dsa: avoid suspicious RCU usage for synced VLAN-aware MAC addresses - 2025-12-24
Debian
CVE-2023-54149: linux - In the Linux kernel, the following vulnerability has been resolved: net: dsa: a... - 2023

🕵️ Threat Intelligence (1)
Wiz
CVE-2023-54149 Impact, Exploitability, and Mitigation Steps | Wiz