CVE-2023-54306Deadlock in Linux

CWE-833Deadlock7 documents6 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 89.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: net: tls: avoid hanging tasks on the tx_lock syzbot sent a hung task report and Eric explains that adversarial receiver may keep RWIN at 0 for a long time, so we are not guaranteed to make forward progress. Thread which took tx_lock and went to sleep may not release tx_lock for hours. Use interruptible sleep where possible and reschedule the work if it can't take the lock. Testing: existing selftest passes

Affected Packages4 packages

Linuxlinux/linux_kernel5.4.05.4.235+4
Debianlinux/linux_kernel< 5.10.178-1+3
CVEListV5linux/linux79ffe6087e9145d2377385cac48d0d6a6b4225a5bde541a57b4204d0a800afbbd3d1c06c9cdb133f+7
debiandebian/linux< linux 6.1.20-1 (bookworm)

🔴Vulnerability Details

3
OSV
CVE-2023-54306: In the Linux kernel, the following vulnerability has been resolved: net: tls: avoid hanging tasks on the tx_lock syzbot sent a hung task report and Er2025-12-30
OSV
net: tls: avoid hanging tasks on the tx_lock2025-12-30
GHSA
GHSA-f7xx-6pgx-v4hg: In the Linux kernel, the following vulnerability has been resolved: net: tls: avoid hanging tasks on the tx_lock syzbot sent a hung task report and2025-12-30

📋Vendor Advisories

2
Red Hat
kernel: net: tls: avoid hanging tasks on the tx_lock2025-12-30
Debian
CVE-2023-54306: linux - In the Linux kernel, the following vulnerability has been resolved: net: tls: a...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54306 Impact, Exploitability, and Mitigation Steps | Wiz