CVE-2023-54306

syzbot sent a hung task report and Eric explains that adversarial receiver may keep RWIN at 0 for a long time, so we are not guaranteed to make forward progress. Thread which took txlock and went to sleep may not release txlock for hours. Use interruptible sleep where possible and reschedule the work if it can't take the lock.

Testing: existing selftest passes

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54306.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

79ffe6087e9145d2377385cac48d0d6a6b4225a5

Fixed

bde541a57b4204d0a800afbbd3d1c06c9cdb133f

Fixed

7123a4337bf73132bbfb5437e4dc83ba864a9a1e

Fixed

be5d5d0637fd88c18ee76024bdb22649a1de00d6

Fixed

1f800f6aae57d2d8f63d32fff383017cbc11cf65

Fixed

ccf1ccdc5926907befbe880b562b2a4b5f44c087

Fixed

f3221361dc85d4de22586ce8441ec2c67b454f5d

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

c8d6817345f4ba228d07380e571676405e112872

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-54306.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.4.0

Fixed

5.4.235

Type: ECOSYSTEM
Events: Introduced

5.5.0

Fixed

5.10.173

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.100

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.18

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.2.5

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-54306.json"