CVE-2023-54206: Context Switching Race Condition in Linux

Severity: 4.7 MEDIUM (no vector)
EPSS: 0.0% (top 92.35%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 30

Description

In the Linux kernel, the following vulnerability has been resolved:

net/sched: flower: fix filter idr initialization

The cited commit moved idr initialization too early in fl_change() which allows concurrent users to access the filter that is still being initialized and is in inconsistent state, which, in turn, can cause NULL pointer dereference [0]. Since there is no obvious way to fix the ordering without reverting the whole cited commit, alternative approach taken to first insert NULL point

Affected Packages (3 packages)

Linux | linux/linux_kernel | 6.3.0 | 6.3.3
CVEListV5 | linux/linux | 08a0063df3aed8d76a4034279117db12dbc1050f | 253a3a324e0ebc2825de76a0f5f17b8383b2023d | +2
debian | debian/linux

🔴 Vulnerability Details (3)

OSV: net/sched: flower: fix filter idr initialization (2025-12-30)
GHSA: GHSA-v2jm-777x-22hp: In the Linux kernel, the following vulnerability has been resolved: net/sched: flower: fix filter idr initialization The cited commit moved idr init (2025-12-30)
OSV: CVE-2023-54206: In the Linux kernel, the following vulnerability has been resolved: net/sched: flower: fix filter idr initialization The cited commit moved idr initia (2025-12-30)

📋 Vendor Advisories (2)

Red Hat: kernel: net/sched: flower: fix filter idr initialization (2025-12-30)
Debian: CVE-2023-54206: linux - In the Linux kernel, the following vulnerability has been resolved: net/sched: ... (2023)

🕵️ Threat Intelligence (1)

Wiz: CVE-2023-54206 Impact, Exploitability, and Mitigation Steps | Wiz