CVE-2023-54283Race Condition within a Thread in Linux

CWE-366Race Condition within a Thread7 documents6 sources
Severity
2.5LOW
No vector
EPSS
0.0%
top 89.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Address KCSAN report on bpf_lru_list KCSAN reported a data-race when accessing node->ref. Although node->ref does not have to be accurate, take this chance to use a more common READ_ONCE() and WRITE_ONCE() pattern instead of data_race(). There is an existing bpf_lru_node_is_ref() and bpf_lru_node_set_ref(). This patch also adds bpf_lru_node_clear_ref() to do the WRITE_ONCE(node->ref, 0) also. BUG: KCSAN: data-race in __

Affected Packages4 packages

Linuxlinux/linux_kernel4.10.04.14.322+6
Debianlinux/linux_kernel< 5.10.191-1+3
CVEListV5linux/linux3a08c2fd763450a927d1130de078d6f9e74944fb6eaef1b1d8720053eb1b6e7a3ff8b2ff0716bb90+8
debiandebian/linux< linux 6.1.52-1 (bookworm)

🔴Vulnerability Details

3
GHSA
GHSA-6v87-5qgj-v74j: In the Linux kernel, the following vulnerability has been resolved: bpf: Address KCSAN report on bpf_lru_list KCSAN reported a data-race when access2025-12-30
OSV
bpf: Address KCSAN report on bpf_lru_list2025-12-30
OSV
CVE-2023-54283: In the Linux kernel, the following vulnerability has been resolved: bpf: Address KCSAN report on bpf_lru_list KCSAN reported a data-race when accessin2025-12-30

📋Vendor Advisories

2
Red Hat
kernel: bpf: Address KCSAN report on bpf_lru_list2025-12-30
Debian
CVE-2023-54283: linux - In the Linux kernel, the following vulnerability has been resolved: bpf: Addres...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54283 Impact, Exploitability, and Mitigation Steps | Wiz