CVE-2023-54268Deadlock in Linux

CWE-833Deadlock7 documents6 sources
Severity
2.5LOW
No vector
EPSS
0.0%
top 89.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't wake up kswapd from fill_pool() syzbot is reporting a lockdep warning in fill_pool() because the allocation from debugobjects is using GFP_ATOMIC, which is (__GFP_HIGH | __GFP_KSWAPD_RECLAIM) and therefore tries to wake up kswapd, which acquires kswapd_wait::lock. Since fill_pool() might be called with arbitrary locks held, fill_pool() should not assume that acquiring kswapd_wait::lock is safe. Use __GFP_

Affected Packages4 packages

Linuxlinux/linux_kernel2.6.265.4.244+4
Debianlinux/linux_kernel< 5.10.191-1+3
CVEListV5linux/linux3ac7fe5a4aab409bd5674d0b070bce97f9d20872be646802b3dc408c4dc72a3ac32c3f4a0282414d+6
debiandebian/linux< linux 6.1.37-1 (bookworm)

🔴Vulnerability Details

3
OSV
CVE-2023-54268: In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't wake up kswapd from fill_pool() syzbot is reporting a lockdep2025-12-30
GHSA
GHSA-wfjg-crvw-f25h: In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't wake up kswapd from fill_pool() syzbot is reporting a lockde2025-12-30
OSV
debugobjects: Don't wake up kswapd from fill_pool()2025-12-30

📋Vendor Advisories

2
Red Hat
kernel: debugobjects: Don't wake up kswapd from fill_pool()2025-12-30
Debian
CVE-2023-54268: linux - In the Linux kernel, the following vulnerability has been resolved: debugobject...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54268 Impact, Exploitability, and Mitigation Steps | Wiz