CVE-2023-53169

EPSS 0.02%
Veröffentlicht 15.09.2025 14:04:02
Zuletzt bearbeitet 15.09.2025 15:22:27
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

x86/resctrl: Clear staged_config[] before and after it is used

As a temporary storage, staged_config[] in rdt_domain should be cleared
before and after it is used. The stale value in staged_config[] could
cause an MSR access error.

Here is a reproducer on a system with 16 usable CLOSIDs for a 15-way L3
Cache (MBA should be disabled if the number of CLOSIDs for MB is less than
16.) :
	mount -t resctrl resctrl -o cdp /sys/fs/resctrl
	mkdir /sys/fs/resctrl/p{1..7}
	umount /sys/fs/resctrl/
	mount -t resctrl resctrl /sys/fs/resctrl
	mkdir /sys/fs/resctrl/p{1..8}

An error occurs when creating resource group named p8:
    unchecked MSR access error: WRMSR to 0xca0 (tried to write 0x00000000000007ff) at rIP: 0xffffffff82249142 (cat_wrmsr+0x32/0x60)
    Call Trace:
     <IRQ>
     __flush_smp_call_function_queue+0x11d/0x170
     __sysvec_call_function+0x24/0xd0
     sysvec_call_function+0x89/0xc0
     </IRQ>
     <TASK>
     asm_sysvec_call_function+0x16/0x20

When creating a new resource control group, hardware will be configured
by the following process:
    rdtgroup_mkdir()
      rdtgroup_mkdir_ctrl_mon()
        rdtgroup_init_alloc()
          resctrl_arch_update_domains()

resctrl_arch_update_domains() iterates and updates all resctrl_conf_type
whose have_new_ctrl is true. Since staged_config[] holds the same values as
when CDP was enabled, it will continue to update the CDP_CODE and CDP_DATA
configurations. When group p8 is created, get_config_index() called in
resctrl_arch_update_domains() will return 16 and 17 as the CLOSIDs for
CDP_CODE and CDP_DATA, which will be translated to an invalid register -
0xca0 in this scenario.

Fix it by clearing staged_config[] before and after it is used.

[reinette: re-order commit tags]

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 86db319d25db70cf4af4557e05f6fa6f39c70003

Version 75408e43509ed6207870c0e7e28656acbbc1f7fd

Status affected

Version < 3fc5941ecc31a495b6b84b465f36155009db99b5

Version 75408e43509ed6207870c0e7e28656acbbc1f7fd

Status affected

Version < 8ecc60ef9318f0d533b866fa421858cc185bccfc

Version 75408e43509ed6207870c0e7e28656acbbc1f7fd

Status affected

Version < 0424a7dfe9129b93f29b277511a60e87f052ac6b

Version 75408e43509ed6207870c0e7e28656acbbc1f7fd

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.15

Status affected

Version < 5.15

Version 0

Status unaffected

Version <= 5.15.*

Version 5.15.104

Status unaffected

Version <= 6.1.*

Version 6.1.21

Status unaffected

Version <= 6.2.*

Version 6.2.8

Status unaffected

Version <= *

Version 6.3

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.047

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/86db319d25db70cf4af4557e05f6fa6f39c70003

https://git.kernel.org/stable/c/3fc5941ecc31a495b6b84b465f36155009db99b5

https://git.kernel.org/stable/c/8ecc60ef9318f0d533b866fa421858cc185bccfc

https://git.kernel.org/stable/c/0424a7dfe9129b93f29b277511a60e87f052ac6b

https://nvd.nist.gov/vuln/detail/CVE-2023-53169

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53169

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53169

EUVD