CVE-2023-54303: Race Condition within a Thread in Linux

Severity: 5.5 MEDIUM (no vector)
EPSS: 0.0% (top 93.24%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 30

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: Disable preemption in bpf_perf_event_output

The nesting protection in bpf_perf_event_output relies on disabled preemption, which is guaranteed for kprobes and tracepoints. However bpf_perf_event_output can be also called from uprobes context through bpf_prog_run_array_sleepable function which disables migration, but keeps preemption enabled. This can cause task to be preempted by another one inside the nesting protectio

Affected Packages (4 packages)

Linux: linux/linux_kernel, 6.0.0, 6.1.45 (+1)
Debian: linux/linux_kernel, < 6.1.52-1 (+2)
CVEListV5: linux/linux, 8c7dcb84e3b744b2b70baa7a44a9b1881c33a9c9, 3654ed5daf492463c3faa434c7000d45c2da2ace (+3)
debian: debian/linux, < linux 6.1.52-1 (bookworm)

🔴 Vulnerability Details (3)

OSV: bpf: Disable preemption in bpf_perf_event_output (2025-12-30)
GHSA: GHSA-cw6q-jwcq-fg6h: In the Linux kernel, the following vulnerability has been resolved: bpf: Disable preemption in bpf_perf_event_output The nesting protection in bpf_p (2025-12-30)
OSV: CVE-2023-54303: In the Linux kernel, the following vulnerability has been resolved: bpf: Disable preemption in bpf_perf_event_output The nesting protection in bpf_per (2025-12-30)

📋 Vendor Advisories (2)

Red Hat: kernel: bpf: Disable preemption in bpf_perf_event_output (2025-12-30)
Debian: CVE-2023-54303: linux - In the Linux kernel, the following vulnerability has been resolved: bpf: Disabl... (2023)

🕵️ Threat Intelligence (1)

Wiz: CVE-2023-54303 Impact, Exploitability, and Mitigation Steps | Wiz