CVE-2023-53815

itimerdelete() has a retry loop when the timer is concurrently expired. On non-RT kernels this just spin-waits until the timer callback has completed, except for posix CPU timers which have HAVEPOSIXCPUTIMERSTASKWORK enabled.

In that case and on RT kernels the existing task could live lock when preempting the task which does the timer delivery.

Replace spinunlock() with an invocation of timerwait_running() to handle it the same way as the other retry loops in the posix timer code.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53815.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

ec8f954a40da8cd3d159713b608e901f0cd909a9

Fixed

f1be1ed32daa053484222f7f9beb2b16c624dffd

Fixed

0670c4c567b27bd8f999a943028f4fe60d1a1106

Fixed

e7aff15ba29ba4b3052786b1636fa5c4aa39e179

Fixed

f9bd298e3e4d3fd6e19f017789a42d0f332cd555

Fixed

c1968bb8a28625cc95d2ad3ca872ab98c9c36d59

Fixed

9d9e522010eb5685d8b53e8a24320653d9d4cbbf

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53815.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.4.0

Fixed

5.10.188

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.121

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.39

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.3.13

Type: ECOSYSTEM
Events: Introduced

6.4.0

Fixed

6.4.4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53815.json"