
CVE-2023-53590

In the Linux kernel, the following vulnerability has been resolved:

sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop

With this refcnt added in sctp_stream_priorities, we don't need to
traverse all streams to check if the prio is used by other streams
when freeing one stream's prio in sctp_sched_prio_free_sid(). This
can avoid a nested loop (up to 65535 * 65535), which may cause a
stuck as Ying reported:

    watchdog: BUG: soft lockup - CPU#23 stuck for 26s! [ksoftirqd/23:136]
    Call Trace:
     <TASK>
     sctp_sched_prio_free_sid+0xab/0x100 [sctp]
     sctp_stream_free_ext+0x64/0xa0 [sctp]
     sctp_stream_free+0x31/0x50 [sctp]
     sctp_association_free+0xa5/0x200 [sctp]

Note that it doesn't need to use refcount_t type for this counter,
as its accessing is always protected under the sock lock.

v1->v2:
 - add a check in sctp_sched_prio_set to avoid the possible prio_head
   refcnt overflow.
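
An added illustration, not code from the kernel patch or from this page: a user-space C model of the change described above, counting how many stream slots are examined while every stream of one association is freed. The names `free_sid_scan`, `free_sid_refcnt` and `teardown`, the struct layout and the size 2000 are assumptions of the model.

```c
#include <stdio.h>
#include <stdlib.h>

#define NSTREAMS 2000  /* constructed size; the page cites up to 65535 */
struct prio_head { int prio; unsigned short users; };  /* users = the refcnt */
struct stream { struct prio_head *head; };
static unsigned long visits, heads_freed;  /* slots examined; heads released */

/* Before: walk every stream to learn whether the head is still shared. */
static void free_sid_scan(struct stream *s, int n, int sid)
{
    struct prio_head *h = s[sid].head;
    s[sid].head = NULL;
    for (int i = 0; i < n; i++) {
        visits++;
        if (s[i].head == h) return;  /* another stream still uses it */
    }
    free(h); heads_freed++;
}
/* After: drop one reference; the last user frees the head, no traversal. */
static void free_sid_refcnt(struct stream *s, int sid)
{
    struct prio_head *h = s[sid].head;
    s[sid].head = NULL;
    visits++;
    if (h && --h->users == 0) { free(h); heads_freed++; }
}
/* Free all streams; shared=0 gives each its own head (the worst case). */
unsigned long teardown(int use_refcnt, int shared)
{
    struct stream *s = calloc(NSTREAMS, sizeof(*s));
    struct prio_head *common = calloc(1, sizeof(*common));
    visits = 0; heads_freed = 0;
    for (int i = 0; i < NSTREAMS; i++) {
        s[i].head = shared ? common : calloc(1, sizeof(*common));
        s[i].head->users++;          /* one reference per stream */
    }
    if (!shared) free(common);
    for (int sid = 0; sid < NSTREAMS; sid++) {
        if (use_refcnt) free_sid_refcnt(s, sid);
        else free_sid_scan(s, NSTREAMS, sid);
    }
    free(s);
    return visits;
}
int main(void)
{
    printf("scan:   %lu visits\n", teardown(0, 0));
    printf("refcnt: %lu visits\n", teardown(1, 0));
    return 0;
}
```

With distinct priorities the scan examines NSTREAMS * NSTREAMS slots, while the counter examines one per stream and still releases a shared head exactly once.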

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux
Product: Linux
Default status: unaffected

Version                                   Bound                                       Status
a7555681e50bdebed2c40ff7404ee73c2e932993  < cec326443f01283ef68ea00c06ea073b1835a562  affected
176ee6c673ccd118e9392fd2dbb165423bdb99ca  < 8ee401f89cdb10f39098c0656d695b2bc4052100  affected
0dfb9a566327182387c90100ea54d8426cee8c67  < bf5540cbd20e2dae2c81ab9b31deef41ef147d0a  affected
9ed7bfc79542119ac0a9e1ce8a2a5285e43433e9  < 03c3a5584a0a29821e59b7834635ce823050caaa  affected
9ed7bfc79542119ac0a9e1ce8a2a5285e43433e9  < 6d529928ea212127851a2df8c40d822237ca946b  affected
9ed7bfc79542119ac0a9e1ce8a2a5285e43433e9  < 68ba44639537de6f91fe32783766322d41848127  affected
fa20f88271259d42ebe66f0a8c4c20199e888c99  -                                           affected

Vendor: Linux
Product: Linux
Default status: affected

Version   Bound       Status
6.1       -           affected
0         < 6.1       unaffected
5.4.235   <= 5.4.*    unaffected
5.10.173  <= 5.10.*   unaffected
5.15.100  <= 5.15.*   unaffected
6.1.18    <= 6.1.*    unaffected
6.2.5     <= 6.2.*    unaffected
6.3       <= *        unaffected

No CISA KEV or CERT.AT warning was found for this CVE.

EPSS metrics
Type  Source     Score  Percentile
EPSS  FIRST.org  0.02%  0.053

CVSS metrics
Source Base Score Exploit Score Impact Score Vector string