CVE-2023-53501

To prevent this, the pasid_state object contains a refcount. * set to 1 on pasid bind * incremented on each ppr notification start * decremented on each ppr notification done * decremented on pasid unbind

Since refcountdec assumes that refcount will never reach 0: the current implementation causes the following to be invoked on pasid unbind: REFCOUNTWARN("decrement hit 0; leaking memory")

Fix this issue by changing refcountdec to refcountdecandtest to explicitly handle refcount=1.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53501.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

8bc54824da4e8fcf0ed679cf09ac32f23d83254a

Fixed

a50d60b8f2aff46dd7c7edb4a5835cdc4d432c22

Fixed

13ed255248dfbbb7f23f9170c7a537fb9ca22c73

Fixed

9ccc51be3126b25cfe9351dbffde946c925cc28a

Fixed

98d86bf32187db27946ca817c2467a5f2f7aa02f

Fixed

534103bcd52ca9c1fecbc70e717b4a538dc4ded8

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53501.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.15.0

Fixed

5.15.132

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.53

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.4.16

Type: ECOSYSTEM
Events: Introduced

6.5.0

Fixed

6.5.3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53501.json"