CVE-2023-54170: Incorrect Synchronization in Linux

Severity: 5.5 MEDIUM (No vector)
EPSS: 0.0% (top 89.30%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 30

Description

In the Linux kernel, the following vulnerability has been resolved:

keys: Fix linking a duplicate key to a keyring's assoc_array

When making a DNS query inside the kernel using dns_query(), the request code can in rare cases end up creating a duplicate index key in the assoc_array of the destination keyring. It is eventually found by a BUG_ON() check in the assoc_array implementation and results in a crash.

Example report:

[2158499.700025] kernel BUG at ../lib/assoc_array.c:652!
[2158499.7000

Affected Packages (4 packages)

Linux: linux/linux_kernel, 5.3.0, 5.4.253 (+4)
Debian: linux/linux_kernel, < 5.10.191-1 (+3)
CVEListV5: linux/linux, df593ee23e05cdda16c8c995e5818779431bb29f, 65bd66a794bfa059375ec834885bb610d75c0182 (+6)
debian: debian/linux, < linux 6.1.52-1 (bookworm)

🔴 Vulnerability Details (3)

OSV: CVE-2023-54170: In the Linux kernel, the following vulnerability has been resolved: keys: Fix linking a duplicate key to a keyring's assoc_array When making a DNS que (2025-12-30)
OSV: keys: Fix linking a duplicate key to a keyring's assoc_array (2025-12-30)
GHSA: GHSA-r3pm-w3wq-c59c: In the Linux kernel, the following vulnerability has been resolved: keys: Fix linking a duplicate key to a keyring's assoc_array When making a DNS q (2025-12-30)

📋 Vendor Advisories (2)

Red Hat: kernel: keys: Fix linking a duplicate key to a keyring's assoc_array (2025-12-30)
Debian: CVE-2023-54170: linux - In the Linux kernel, the following vulnerability has been resolved: keys: Fix l... (2023)

🕵️ Threat Intelligence (1)

Wiz: CVE-2023-54170 Impact, Exploitability, and Mitigation Steps | Wiz