CVE-2023-53281

EPSS 0.02%
Veröffentlicht 16.09.2025 08:11:15
Zuletzt bearbeitet 16.09.2025 12:49:16
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler()

Commit 041879b12ddb ("drivers: staging: rtl8192bs: Fix deadlock in
rtw_joinbss_event_prehandle()") besides fixing the deadlock also
modified _rtw_join_timeout_handler() to use spin_[un]lock_irq()
instead of spin_[un]lock_bh().

_rtw_join_timeout_handler() calls rtw_do_join() which takes
pmlmepriv->scanned_queue.lock using spin_[un]lock_bh(). This
spin_unlock_bh() call re-enables softirqs which triggers an oops in
kernel/softirq.c: __local_bh_enable_ip() when it calls
lockdep_assert_irqs_enabled():

[  244.506087] WARNING: CPU: 2 PID: 0 at kernel/softirq.c:376 __local_bh_enable_ip+0xa6/0x100
...
[  244.509022] Call Trace:
[  244.509048]  <IRQ>
[  244.509100]  _rtw_join_timeout_handler+0x134/0x170 [r8723bs]
[  244.509468]  ? __pfx__rtw_join_timeout_handler+0x10/0x10 [r8723bs]
[  244.509772]  ? __pfx__rtw_join_timeout_handler+0x10/0x10 [r8723bs]
[  244.510076]  call_timer_fn+0x95/0x2a0
[  244.510200]  __run_timers.part.0+0x1da/0x2d0

This oops is causd by the switch to spin_[un]lock_irq() which disables
the IRQs for the entire duration of _rtw_join_timeout_handler().

Disabling the IRQs is not necessary since all code taking this lock
runs from either user contexts or from softirqs, switch back to
spin_[un]lock_bh() to fix this.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 209850f17717a3b5cc558578bef5631ac7045539

Version ae60744d5fad840b9d056d35b4b652d95e755846

Status affected

Version < 2a50e44a66d268ee5db3d177f1fdc1503dbce6e7

Version 041879b12ddb0c6c83ed9c0bdd10dc82a056f2fc

Status affected

Version < dc327e87c6d9bfd9ee08e76396b3c0ba848ec554

Version 041879b12ddb0c6c83ed9c0bdd10dc82a056f2fc

Status affected

Version < 4ab1bace1dd3875371b481ef4301c4671bddea22

Version 041879b12ddb0c6c83ed9c0bdd10dc82a056f2fc

Status affected

Version < 215792eda008f6a1e7ed9d77fa20d582d22bb114

Version 041879b12ddb0c6c83ed9c0bdd10dc82a056f2fc

Status affected

Version 1f6c99b94ca3caad346876b3e22e3ca3d25bc8ee

Status affected

Version eca9748d9267a38d532464e3305a38629e9c35a9

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.19

Status affected

Version < 5.19

Version 0

Status unaffected

Version <= 5.15.*

Version 5.15.111

Status unaffected

Version <= 6.1.*

Version 6.1.28

Status unaffected

Version <= 6.2.*

Version 6.2.15

Status unaffected

Version <= 6.3.*

Version 6.3.2

Status unaffected

Version <= *

Version 6.4

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.048

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/209850f17717a3b5cc558578bef5631ac7045539

https://git.kernel.org/stable/c/2a50e44a66d268ee5db3d177f1fdc1503dbce6e7

https://git.kernel.org/stable/c/dc327e87c6d9bfd9ee08e76396b3c0ba848ec554

https://git.kernel.org/stable/c/4ab1bace1dd3875371b481ef4301c4671bddea22

https://git.kernel.org/stable/c/215792eda008f6a1e7ed9d77fa20d582d22bb114

https://nvd.nist.gov/vuln/detail/CVE-2023-53281

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53281

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53281

EUVD