DEBIAN-CVE-2023-53281

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2023-53281

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53281.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-53281

Upstream

CVE-2023-53281

Published

2025-09-16T08:15:37.030Z

Modified

2025-12-03T15:24:25.958937Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: drivers: staging: rtl8723bs: Fix locking in rtwjointimeouthandler() Commit 041879b12ddb ("drivers: staging: rtl8192bs: Fix deadlock in rtwjoinbsseventprehandle()") besides fixing the deadlock also modified rtwjointimeouthandler() to use spin[un]lockirq() instead of spin[un]lockbh(). rtwjointimeouthandler() calls rtwdojoin() which takes pmlmepriv->scannedqueue.lock using spin_[un]lockbh(). This spinunlock_bh() call re-enables softirqs which triggers an oops in kernel/softirq.c: __localbhenableip() when it calls lockdepassertirqsenabled(): [ 244.506087] WARNING: CPU: 2 PID: 0 at kernel/softirq.c:376 __localbhenableip+0xa6/0x100 ... [ 244.509022] Call Trace: [ 244.509048] <IRQ> [ 244.509100] rtwjointimeouthandler+0x134/0x170 [r8723bs] [ 244.509468] ? pfxrtwjointimeouthandler+0x10/0x10 [r8723bs] [ 244.509772] ? pfxrtw_jointimeouthandler+0x10/0x10 [r8723bs] [ 244.510076] calltimerfn+0x95/0x2a0 [ 244.510200] _runtimers.part.0+0x1da/0x2d0 This oops is causd by the switch to spin[un]lockirq() which disables the IRQs for the entire duration of rtwjointimeouthandler(). Disabling the IRQs is not necessary since all code taking this lock runs from either user contexts or from softirqs, switch back to spin[un]lockbh() to fix this.

References

https://security-tracker.debian.org/tracker/CVE-2023-53281

Affected packages

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.37-1

Affected versions

6.*

6.1.27-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53281.json"

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.3.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53281.json"

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.3.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53281.json"