DEBIAN-CVE-2023-53577

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2023-53577

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53577.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-53577

Upstream

CVE-2023-53577

Published

2025-10-04T16:15:53Z

Modified

2025-10-05T09:18:31.602980Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: bpf, cpumap: Make sure kthread is running before map update returns The following warning was reported when running stress-mode enabled xdpredirectcpu with some RT threads: ------------[ cut here ]------------ WARNING: CPU: 4 PID: 65 at kernel/bpf/cpumap.c:135 CPU: 4 PID: 65 Comm: kworker/4:1 Not tainted 6.5.0-rc2+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) Workqueue: events cpumapkthreadstop RIP: 0010:putcpumapentry+0xda/0x220 ...... Call Trace: <TASK> ? showregs+0x65/0x70 ? _warn+0xa5/0x240 ...... ? putcpumapentry+0xda/0x220 cpumapkthreadstop+0x41/0x60 processonework+0x6b0/0xb80 workerthread+0x96/0x720 kthread+0x1a5/0x1f0 retfromfork+0x3a/0x70 retfromforkasm+0x1b/0x30 </TASK> The root cause is the same as commit 436901649731 ("bpf: cpumap: Fix memory leak in cpumapupdateelem"). The kthread is stopped prematurely by kthreadstop() in cpumapkthreadstop(), and kthread() doesn't call cpumapkthreadrun() at all but XDP program has already queued some frames or skbs into ptrring. So when _cpumapringcleanup() checks the ptrring, it will find it was not emptied and report a warning. An alternative fix is to use _cpumapringcleanup() to drop these pending frames or skbs when kthreadstop() returns -EINTR, but it may confuse the user, because these frames or skbs have been handled correctly by XDP program. So instead of dropping these frames or skbs, just make sure the per-cpu kthread is running before _cpumapentryalloc() returns. After apply the fix, the error handle for kthreadstop() will be unnecessary because it will always return 0, so just remove it.

References

https://security-tracker.debian.org/tracker/CVE-2023-53577

Affected packages

Debian:11 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.10.46-4

5.10.46-5

5.10.70-1~bpo10+1

5.10.70-1

5.10.84-1

5.10.92-1~bpo10+1

5.10.92-1

5.10.92-2

5.10.103-1~bpo10+1

5.10.103-1

5.10.106-1

5.10.113-1

5.10.120-1~bpo10+1

5.10.120-1

5.10.127-1

5.10.127-2~bpo10+1

5.10.127-2

5.10.136-1

5.10.140-1

5.10.148-1

5.10.149-1

5.10.149-2

5.10.158-1

5.10.158-2

5.10.162-1

5.10.178-1

5.10.178-2

5.10.178-3

5.10.179-1

5.10.179-2

5.10.179-3

5.10.179-4

5.10.179-5

5.10.191-1

5.10.197-1

5.10.205-1

5.10.205-2

5.10.209-1

5.10.209-2

5.10.216-1

5.10.218-1

5.10.221-1

5.10.223-1

5.10.226-1

5.10.234-1

5.10.237-1

5.13.9-1~exp1

5.13.9-1~exp2

5.13.12-1~exp1

5.14-1~exp1

5.14-1~exp2

5.14.1-1~exp1

5.14.2-1~exp1

5.14.3-1~exp1

5.14.6-1

5.14.6-2

5.14.6-3

5.14.9-1

5.14.9-2~bpo11+1

5.14.9-2

5.14.12-1

5.14.16-1

5.15-1~exp1

5.15.1-1~exp1

5.15.2-1~exp1

5.15.3-1

5.15.5-1

5.15.5-2~bpo11+1

5.15.5-2

5.15.15-1

5.15.15-2~bpo11+1

5.15.15-2

5.16~rc1-1~exp1

5.16~rc3-1~exp1

5.16~rc4-1~exp1

5.16~rc5-1~exp1

5.16~rc6-1~exp1

5.16~rc7-1~exp1

5.16~rc8-1~exp1

5.16.3-1~exp1

5.16.4-1~exp1

5.16.7-1

5.16.7-2

5.16.10-1

5.16.11-1~bpo11+1

5.16.11-1

5.16.12-1~bpo11+1

5.16.12-1

5.16.14-1

5.16.18-1

5.17~rc3-1~exp1

5.17~rc4-1~exp1

5.17~rc5-1~exp1

5.17~rc6-1~exp1

5.17~rc7-1~exp1

5.17~rc8-1~exp1

5.17.1-1~exp1

5.17.3-1

5.17.6-1

5.17.11-1

5.18-1~exp1

5.18.2-1~bpo11+1

5.18.2-1

5.18.5-1

5.18.14-1~bpo11+1

5.18.14-1

5.18.16-1~bpo11+1

5.18.16-1

5.19~rc4-1~exp1

5.19~rc6-1~exp1

5.19-1~exp1

5.19.6-1

5.19.11-1~bpo11+1

5.19.11-1

6.*

6.0~rc7-1~exp1

6.0-1~exp1

6.0.2-1

6.0.3-1~bpo11+1

6.0.3-1

6.0.5-1

6.0.6-1

6.0.6-2

6.0.7-1

6.0.8-1

6.0.10-1

6.0.10-2

6.0.12-1~bpo11+1

6.0.12-1

6.0.12-1+alpha

6.1~rc3-1~exp1

6.1~rc5-1~exp1

6.1~rc6-1~exp1

6.1~rc7-1~exp1

6.1~rc8-1~exp1

6.1.1-1~exp1

6.1.1-1~exp2

6.1.2-1~exp1

6.1.4-1

6.1.7-1

6.1.8-1

6.1.8-1+sh4

6.1.11-1

6.1.12-1~bpo11+1

6.1.12-1

6.1.15-1~bpo11+1

6.1.15-1

6.1.20-1~bpo11+1

6.1.20-1

6.1.20-2~bpo11+1

6.1.20-2

6.1.25-1

6.1.27-1~bpo11+1

6.1.27-1

6.1.37-1

6.1.38-1

6.1.38-2~bpo11+1

6.1.38-2

6.1.38-3

6.1.38-4~bpo11+1

6.1.38-4

6.1.52-1

6.1.55-1~bpo11+1

6.1.55-1

6.1.64-1

6.1.66-1

6.1.67-1

6.1.69-1~bpo11+1

6.1.69-1

6.1.76-1~bpo11+1

6.1.76-1

6.1.82-1

6.1.85-1

6.1.90-1~bpo11+1

6.1.90-1

6.1.94-1~bpo11+1

6.1.94-1

6.1.98-1

6.1.99-1

6.1.106-1

6.1.106-2

6.1.106-3

6.1.112-1

6.1.115-1

6.1.119-1

6.1.123-1

6.1.124-1

6.1.128-1

6.1.129-1

6.1.133-1

6.1.135-1

6.1.137-1

6.1.139-1

6.1.140-1

6.1.147-1

6.1.148-1

6.1.153-1

6.3.1-1~exp1

6.3.2-1~exp1

6.3.4-1~exp1

6.3.5-1~exp1

6.3.7-1~bpo12+1

6.3.7-1

6.3.11-1

6.4~rc6-1~exp1

6.4~rc7-1~exp1

6.4.1-1~exp1

6.4.4-1~bpo12+1

6.4.4-1

6.4.4-2

6.4.4-3~bpo12+1

6.4.4-3

6.4.11-1

6.4.13-1

6.5~rc4-1~exp1

6.5~rc6-1~exp1

6.5~rc7-1~exp1

6.5.1-1~exp1

6.5.3-1~bpo12+1

6.5.3-1

6.5.6-1

6.5.8-1

6.5.10-1~bpo12+1

6.5.10-1

6.5.13-1

6.6.3-1~exp1

6.6.4-1~exp1

6.6.7-1~exp1

6.6.8-1

6.6.9-1

6.6.11-1

6.6.13-1~bpo12+1

6.6.13-1

6.6.15-1

6.6.15-2

6.7-1~exp1

6.7.1-1~exp1

6.7.4-1~exp1

6.7.7-1

6.7.9-1

6.7.9-2

6.7.12-1~bpo12+1

6.7.12-1

6.8.9-1

6.8.11-1

6.8.12-1~bpo12+1

6.8.12-1

6.9.2-1~exp1

6.9.7-1~bpo12+1

6.9.7-1

6.9.8-1

6.9.9-1

6.9.10-1~bpo12+1

6.9.10-1

6.9.11-1

6.9.12-1

6.10-1~exp1

6.10.1-1~exp1

6.10.3-1

6.10.4-1

6.10.6-1~bpo12+1

6.10.6-1

6.10.7-1

6.10.9-1

6.10.11-1~bpo12+1

6.10.11-1

6.10.12-1

6.11~rc4-1~exp1

6.11~rc5-1~exp1

6.11-1~exp1

6.11.2-1

6.11.4-1

6.11.5-1~bpo12+1

6.11.5-1

6.11.6-1

6.11.7-1

6.11.9-1

6.11.10-1~bpo12+1

6.11.10-1

6.12~rc6-1~exp1

6.12.3-1

6.12.5-1

6.12.6-1

6.12.8-1

6.12.9-1~bpo12+1

6.12.9-1

6.12.9-1+alpha

6.12.10-1

6.12.11-1

6.12.11-1+alpha

6.12.11-1+alpha.1

6.12.12-1~bpo12+1

6.12.12-1

6.12.13-1

6.12.15-1

6.12.16-1

6.12.17-1

6.12.19-1

6.12.20-1

6.12.21-1

6.12.22-1~bpo12+1

6.12.22-1

6.12.25-1

6.12.27-1~bpo12+1

6.12.27-1

6.12.29-1

6.12.30-1~bpo12+1

6.12.30-1

6.12.31-1

6.12.32-1~bpo12+1

6.12.32-1

6.12.33-1~bpo12+1

6.12.33-1

6.12.35-1~bpo12+1

6.12.35-1

6.12.37-1

6.12.38-1~bpo12+1

6.12.38-1

6.12.41-1

6.12.43-1~bpo12+1

6.12.43-1

6.12.48-1

6.13~rc6-1~exp1

6.13~rc7-1~exp1

6.13.2-1~exp1

6.13.3-1~exp1

6.13.4-1~exp1

6.13.5-1~exp1

6.13.6-1~exp1

6.13.7-1~exp1

6.13.8-1~exp1

6.13.9-1~exp1

6.13.10-1~exp1

6.13.11-1~exp1

6.14.3-1~exp1

6.14.5-1~exp1

6.14.6-1~exp1

6.15~rc7-1~exp1

6.15-1~exp1

6.15.1-1~exp1

6.15.2-1~exp1

6.15.3-1~exp1

6.15.4-1~exp1

6.15.5-1~exp1

6.15.6-1~exp1

6.16~rc7-1~exp1

6.16-1~exp1

6.16.1-1~exp1

6.16.3-1~bpo13+1

6.16.3-1

6.16.5-1

6.16.6-1

6.16.7-1

6.16.8-1

6.16.9-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.52-1

Affected versions

6.*

6.1.27-1

6.1.37-1

6.1.38-1

6.1.38-2~bpo11+1

6.1.38-2

6.1.38-3

6.1.38-4~bpo11+1

6.1.38-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.4.11-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.4.11-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}