CVE-2023-53590

In the Linux kernel, the following vulnerability has been resolved:

sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop

With this refcnt added in sctp_stream_priorities, we don't need to
traverse all streams to check if the prio is used by other streams
when freeing one stream's prio in sctp_sched_prio_free_sid(). This
can avoid a nested loop (up to 65535 * 65535), which may cause a
stuck as Ying reported:

    watchdog: BUG: soft lockup - CPU#23 stuck for 26s! [ksoftirqd/23:136]
    Call Trace:
     <TASK>
     sctp_sched_prio_free_sid+0xab/0x100 [sctp]
     sctp_stream_free_ext+0x64/0xa0 [sctp]
     sctp_stream_free+0x31/0x50 [sctp]
     sctp_association_free+0xa5/0x200 [sctp]

Note that it doesn't need to use refcount_t type for this counter,
as its accessing is always protected under the sock lock.

v1->v2:
 - add a check in sctp_sched_prio_set to avoid the possible prio_head
   refcnt overflow.

Data provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux
Product: Linux
Default status: unaffected
Version a7555681e50bdebed2c40ff7404ee73c2e932993, < cec326443f01283ef68ea00c06ea073b1835a562: affected
Version 176ee6c673ccd118e9392fd2dbb165423bdb99ca, < 8ee401f89cdb10f39098c0656d695b2bc4052100: affected
Version 0dfb9a566327182387c90100ea54d8426cee8c67, < bf5540cbd20e2dae2c81ab9b31deef41ef147d0a: affected
Version 9ed7bfc79542119ac0a9e1ce8a2a5285e43433e9, < 03c3a5584a0a29821e59b7834635ce823050caaa: affected
Version 9ed7bfc79542119ac0a9e1ce8a2a5285e43433e9, < 6d529928ea212127851a2df8c40d822237ca946b: affected
Version 9ed7bfc79542119ac0a9e1ce8a2a5285e43433e9, < 68ba44639537de6f91fe32783766322d41848127: affected
Version fa20f88271259d42ebe66f0a8c4c20199e888c99: affected

Vendor: Linux
Product: Linux
Default status: affected
Version 6.1: affected
Version 0, < 6.1: unaffected
Version 5.4.235, <= 5.4.*: unaffected
Version 5.10.173, <= 5.10.*: unaffected
Version 5.15.100, <= 5.15.*: unaffected
Version 6.1.18, <= 6.1.*: unaffected
Version 6.2.5, <= 6.2.*: unaffected
Version 6.3, <= *: unaffected

No CISA KEV entry or CERT.AT warning was found for this CVE.

EPSS metrics
Type Source Score Percentile
EPSS FIRST.org 0.02% 0.053

CVSS metrics
Source Base Score Exploit Score Impact Score Vector String