CVE-2023-53577

EPSS 0.02%
Published 04.10.2025 15:17:16
Last modified 06.10.2025 14:56:21
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

bpf, cpumap: Make sure kthread is running before map update returns

The following warning was reported when running stress-mode enabled
xdp_redirect_cpu with some RT threads:

  ------------[ cut here ]------------
  WARNING: CPU: 4 PID: 65 at kernel/bpf/cpumap.c:135
  CPU: 4 PID: 65 Comm: kworker/4:1 Not tainted 6.5.0-rc2+ #1
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
  Workqueue: events cpu_map_kthread_stop
  RIP: 0010:put_cpu_map_entry+0xda/0x220
  ......
  Call Trace:
   <TASK>
   ? show_regs+0x65/0x70
   ? __warn+0xa5/0x240
   ......
   ? put_cpu_map_entry+0xda/0x220
   cpu_map_kthread_stop+0x41/0x60
   process_one_work+0x6b0/0xb80
   worker_thread+0x96/0x720
   kthread+0x1a5/0x1f0
   ret_from_fork+0x3a/0x70
   ret_from_fork_asm+0x1b/0x30
   </TASK>

The root cause is the same as commit 436901649731 ("bpf: cpumap: Fix memory
leak in cpu_map_update_elem"). The kthread is stopped prematurely by
kthread_stop() in cpu_map_kthread_stop(), and kthread() doesn't call
cpu_map_kthread_run() at all but XDP program has already queued some
frames or skbs into ptr_ring. So when __cpu_map_ring_cleanup() checks
the ptr_ring, it will find it was not emptied and report a warning.

An alternative fix is to use __cpu_map_ring_cleanup() to drop these
pending frames or skbs when kthread_stop() returns -EINTR, but it may
confuse the user, because these frames or skbs have been handled
correctly by XDP program. So instead of dropping these frames or skbs,
just make sure the per-cpu kthread is running before
__cpu_map_entry_alloc() returns.

After apply the fix, the error handle for kthread_stop() will be
unnecessary because it will always return 0, so just remove it.

Affected products Warnungen 0 Metrics 1 CWE 0 References 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < b44d28b98f185d2f2348aa3c3636838c316f889e

Version 6710e1126934d8b4372b4d2f9ae1646cd3f151bf

Status affected

Version < 7a1178a3671b40746830d355836b72e47ceb2490

Version 6710e1126934d8b4372b4d2f9ae1646cd3f151bf

Status affected

Version < ecb45b852af5e88257020b88bea5ff0798d72aca

Version 6710e1126934d8b4372b4d2f9ae1646cd3f151bf

Status affected

Version < 640a604585aa30f93e39b17d4d6ba69fcb1e66c9

Version 6710e1126934d8b4372b4d2f9ae1646cd3f151bf

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version 4.15

Status affected

Version < 4.15

Version 0

Status unaffected

Version <= 5.15.*

Version 5.15.126

Status unaffected

Version <= 6.1.*

Version 6.1.45

Status unaffected

Version <= 6.4.*

Version 6.4.10

Status unaffected

Version <= *

Version 6.5

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.031

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/b44d28b98f185d2f2348aa3c3636838c316f889e

https://git.kernel.org/stable/c/7a1178a3671b40746830d355836b72e47ceb2490

https://git.kernel.org/stable/c/ecb45b852af5e88257020b88bea5ff0798d72aca

https://git.kernel.org/stable/c/640a604585aa30f93e39b17d4d6ba69fcb1e66c9

https://nvd.nist.gov/vuln/detail/CVE-2023-53577

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53577

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53577

EUVD