CVE-2023-53501
- Source
- https://cve.org/CVERecord?id=CVE-2023-53501
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53501.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-53501
- Downstream
- Related
- Published
- 2025-10-01T11:45:52.204Z
- Modified
- 2026-05-15T11:54:44.576157212Z
- Summary
- iommu/amd/iommu_v2: Fix pasid_state refcount dec hit 0 warning on pasid unbind
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
iommu/amd/iommuv2: Fix pasidstate refcount dec hit 0 warning on pasid unbind
When unbinding pasid - a race condition exists vs outstanding page faults.
To prevent this, the pasid_state object contains a refcount. * set to 1 on pasid bind * incremented on each ppr notification start * decremented on each ppr notification done * decremented on pasid unbind
Since refcountdec assumes that refcount will never reach 0: the current implementation causes the following to be invoked on pasid unbind: REFCOUNTWARN("decrement hit 0; leaking memory")
Fix this issue by changing refcountdec to refcountdecandtest to explicitly handle refcount=1.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53501.json" }- References
-
- https://git.kernel.org/stable/c/13ed255248dfbbb7f23f9170c7a537fb9ca22c73
- https://git.kernel.org/stable/c/534103bcd52ca9c1fecbc70e717b4a538dc4ded8
- https://git.kernel.org/stable/c/98d86bf32187db27946ca817c2467a5f2f7aa02f
- https://git.kernel.org/stable/c/9ccc51be3126b25cfe9351dbffde946c925cc28a
- https://git.kernel.org/stable/c/a50d60b8f2aff46dd7c7edb4a5835cdc4d432c22
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53501.json
- https://nvd.nist.gov/vuln/detail/CVE-2023-53501
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git