In the Linux kernel, the following vulnerability has been resolved:

PCI/DOE: Fix destroy_work_on_stack() race

The following debug object splat was observed in testing:

  ODEBUG: free active (active state 0) object: 0000000097d23782 object type: work_struct hint: doe_statemachine_work+0x0/0x510
  WARNING: CPU: 1 PID: 71 at lib/debugobjects.c:514 debug_print_object+0x7d/0xb0
  ...
  Workqueue: pci 0000:36:00.0 DOE [1 doe_statemachine_work
  RIP: 0010:debug_print_object+0x7d/0xb0
  ...
  Call Trace:
   ? debug_print_object+0x7d/0xb0
   ? __pfx_doe_statemachine_work+0x10/0x10
   debug_object_free.part.0+0x11b/0x150
   doe_statemachine_work+0x45e/0x510
   process_one_work+0x1d4/0x3c0

This occurs because destroy_work_on_stack() was called after signaling the completion in the calling thread. This creates a race between destroy_work_on_stack() and the task->work struct going out of scope in pci_doe().

Signal the work complete after destroying the work struct. This is safe because signal_task_complete() is the final thing the work item does and the workqueue code is careful not to access the work struct after.
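
The ordering problem described above, modelled in userspace with pthreads as an added example (it is not kernel code and not taken from the patch). All names are hypothetical: frame_live stands in for the lifetime of the caller's stack frame in pci_doe(), and the caller_left semaphore exists only to force the losing schedule so the outcome is deterministic.

```c
#include <pthread.h>
#include <semaphore.h>
#include <stdbool.h>

/* Userspace model only: these names are hypothetical, not kernel APIs. */
struct model_task {
    sem_t done;        /* completion the caller sleeps on */
    sem_t caller_left; /* test hook: forces the losing schedule */
    bool frame_live;   /* true while the caller's stack frame exists */
    bool signal_first; /* true = ordering before the fix */
    int stale_touches; /* accesses to the work after the frame ended */
};

/* Stands in for destroy_work_on_stack(): it touches the work struct. */
static void model_destroy_work(struct model_task *t)
{
    if (!t->frame_live)
        t->stale_touches++;
}

/* Stands in for the tail of the work item. */
static void *model_work_fn(void *arg)
{
    struct model_task *t = arg;

    if (t->signal_first) {
        sem_post(&t->done);        /* caller may return from here on */
        sem_wait(&t->caller_left); /* hold until the caller has left */
        model_destroy_work(t);     /* too late: frame is gone */
    } else {
        model_destroy_work(t);     /* last touch of the work struct */
        sem_post(&t->done);        /* nothing is accessed after this */
    }
    return NULL;
}

/* Stands in for pci_doe(): queue the work, wait, then leave scope. */
static int run_model(bool signal_first)
{
    struct model_task t = { .frame_live = true, .signal_first = signal_first };
    pthread_t worker;

    sem_init(&t.done, 0, 0);
    sem_init(&t.caller_left, 0, 0);
    pthread_create(&worker, NULL, model_work_fn, &t);
    sem_wait(&t.done);
    t.frame_live = false;          /* the on-stack task goes out of scope */
    sem_post(&t.caller_left);
    pthread_join(worker, NULL);
    return t.stale_touches;
}
```

The model keeps the struct alive until pthread_join() so the late access is counted rather than being real undefined behaviour; in the kernel the same late access lands on a stack slot that may already have been reused.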