DEBIAN-CVE-2023-53475

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2023-53475

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53475.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-53475

Upstream

CVE-2023-53475

Published

2025-10-01T12:15:49Z

Modified

2025-10-02T09:16:57.829321Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: tegra: fix sleep in atomic call When we set the dual-role port to Host mode, we observed the following splat: [ 167.057718] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:229 [ 167.057872] Workqueue: events tegraxusbusbphywork [ 167.057954] Call trace: [ 167.057962] dumpbacktrace+0x0/0x210 [ 167.057996] showstack+0x30/0x50 [ 167.058020] dumpstacklvl+0x64/0x84 [ 167.058065] dumpstack+0x14/0x34 [ 167.058100] _mightresched+0x144/0x180 [ 167.058140] _mightsleep+0x64/0xd0 [ 167.058171] slabpreallochook.constprop.0+0xa8/0x110 [ 167.058202] _kmalloctrackcaller+0x74/0x2b0 [ 167.058233] kvasprintf+0xa4/0x190 [ 167.058261] kasprintf+0x58/0x90 [ 167.058285] tegraxusbfindportnode.isra.0+0x58/0xd0 [ 167.058334] tegraxusbfindport+0x38/0xa0 [ 167.058380] tegraxusbpadctlgetusb3companion+0x38/0xd0 [ 167.058430] tegraxhciidnotify+0x8c/0x1e0 [ 167.058473] notifiercallchain+0x88/0x100 [ 167.058506] atomicnotifiercallchain+0x44/0x70 [ 167.058537] tegraxusbusbphywork+0x60/0xd0 [ 167.058581] processonework+0x1dc/0x4c0 [ 167.058618] workerthread+0x54/0x410 [ 167.058650] kthread+0x188/0x1b0 [ 167.058672] retfromfork+0x10/0x20 The function tegraxusbpadctlgetusb3companion eventually calls tegraxusbfindport and this in turn calls kasprintf which might sleep and so cannot be called from an atomic context. Fix this by moving the call to tegraxusbpadctlgetusb3companion to the tegraxhciidwork function where it is really needed.

References

https://security-tracker.debian.org/tracker/CVE-2023-53475

Affected packages

Debian:11 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.10.178-1

Affected versions

5.*

5.10.46-4

5.10.46-5

5.10.70-1~bpo10+1

5.10.70-1

5.10.84-1

5.10.92-1~bpo10+1

5.10.92-1

5.10.92-2

5.10.103-1~bpo10+1

5.10.103-1

5.10.106-1

5.10.113-1

5.10.120-1~bpo10+1

5.10.120-1

5.10.127-1

5.10.127-2~bpo10+1

5.10.127-2

5.10.136-1

5.10.140-1

5.10.148-1

5.10.149-1

5.10.149-2

5.10.158-1

5.10.158-2

5.10.162-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.25-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.25-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.25-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}