CVE-2023-53169

EPSS 0.02%
Published 15.09.2025 14:04:02
Last modified 15.09.2025 15:22:27
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

x86/resctrl: Clear staged_config[] before and after it is used

As a temporary storage, staged_config[] in rdt_domain should be cleared
before and after it is used. The stale value in staged_config[] could
cause an MSR access error.

Here is a reproducer on a system with 16 usable CLOSIDs for a 15-way L3
Cache (MBA should be disabled if the number of CLOSIDs for MB is less than
16.) :
	mount -t resctrl resctrl -o cdp /sys/fs/resctrl
	mkdir /sys/fs/resctrl/p{1..7}
	umount /sys/fs/resctrl/
	mount -t resctrl resctrl /sys/fs/resctrl
	mkdir /sys/fs/resctrl/p{1..8}

An error occurs when creating resource group named p8:
    unchecked MSR access error: WRMSR to 0xca0 (tried to write 0x00000000000007ff) at rIP: 0xffffffff82249142 (cat_wrmsr+0x32/0x60)
    Call Trace:
     <IRQ>
     __flush_smp_call_function_queue+0x11d/0x170
     __sysvec_call_function+0x24/0xd0
     sysvec_call_function+0x89/0xc0
     </IRQ>
     <TASK>
     asm_sysvec_call_function+0x16/0x20

When creating a new resource control group, hardware will be configured
by the following process:
    rdtgroup_mkdir()
      rdtgroup_mkdir_ctrl_mon()
        rdtgroup_init_alloc()
          resctrl_arch_update_domains()

resctrl_arch_update_domains() iterates and updates all resctrl_conf_type
whose have_new_ctrl is true. Since staged_config[] holds the same values as
when CDP was enabled, it will continue to update the CDP_CODE and CDP_DATA
configurations. When group p8 is created, get_config_index() called in
resctrl_arch_update_domains() will return 16 and 17 as the CLOSIDs for
CDP_CODE and CDP_DATA, which will be translated to an invalid register -
0xca0 in this scenario.

Fix it by clearing staged_config[] before and after it is used.

[reinette: re-order commit tags]

Affected products Warnungen 0 Metrics 1 CWE 0 References 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < 86db319d25db70cf4af4557e05f6fa6f39c70003

Version 75408e43509ed6207870c0e7e28656acbbc1f7fd

Status affected

Version < 3fc5941ecc31a495b6b84b465f36155009db99b5

Version 75408e43509ed6207870c0e7e28656acbbc1f7fd

Status affected

Version < 8ecc60ef9318f0d533b866fa421858cc185bccfc

Version 75408e43509ed6207870c0e7e28656acbbc1f7fd

Status affected

Version < 0424a7dfe9129b93f29b277511a60e87f052ac6b

Version 75408e43509ed6207870c0e7e28656acbbc1f7fd

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version 5.15

Status affected

Version < 5.15

Version 0

Status unaffected

Version <= 5.15.*

Version 5.15.104

Status unaffected

Version <= 6.1.*

Version 6.1.21

Status unaffected

Version <= 6.2.*

Version 6.2.8

Status unaffected

Version <= *

Version 6.3

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.047

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/86db319d25db70cf4af4557e05f6fa6f39c70003

https://git.kernel.org/stable/c/3fc5941ecc31a495b6b84b465f36155009db99b5

https://git.kernel.org/stable/c/8ecc60ef9318f0d533b866fa421858cc185bccfc

https://git.kernel.org/stable/c/0424a7dfe9129b93f29b277511a60e87f052ac6b

https://nvd.nist.gov/vuln/detail/CVE-2023-53169

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53169

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53169

EUVD