-
CVE-2023-53728
- EPSS 0.04%
- Veröffentlicht 22.10.2025 13:23:57
- Zuletzt bearbeitet 22.10.2025 21:12:48
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
In the Linux kernel, the following vulnerability has been resolved:
posix-timers: Ensure timer ID search-loop limit is valid
posix_timer_add() tries to allocate a posix timer ID by starting from the
cached ID which was stored by the last successful allocation.
This is done in a loop searching the ID space for a free slot one by
one. The loop has to terminate when the search wrapped around to the
starting point.
But that's racy vs. establishing the starting point. That is read out
lockless, which leads to the following problem:
CPU0 CPU1
posix_timer_add()
start = sig->posix_timer_id;
lock(hash_lock);
... posix_timer_add()
if (++sig->posix_timer_id < 0)
start = sig->posix_timer_id;
sig->posix_timer_id = 0;
So CPU1 can observe a negative start value, i.e. -1, and the loop break
never happens because the condition can never be true:
if (sig->posix_timer_id == start)
break;
While this is unlikely to ever turn into an endless loop as the ID space is
huge (INT_MAX), the racy read of the start value caught the attention of
KCSAN and Dmitry unearthed that incorrectness.
Rewrite it so that all id operations are under the hash lock.Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version <
8dc52c200b889bc1cb34288fbf623d4ff381d2ae
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
9ea26a8494a0a9337e7415eafd6f3ed940327dc5
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
8ad6679a5bb97cdb3e14942729292b4bfcc0e223
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
322377cc909defcca9451487484845e7e1d20d1b
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
ef535e0315afd098c4beb1da364847eca4b56a20
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
6a0ac84501b4fec73a1a823c55cf13584c43f418
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
37175e25edf7cc0d5a2cd2c2a1cbe2dcbf4a1937
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
8ce8849dd1e78dadcee0ec9acbd259d239b7069f
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version <=
4.14.*
Version
4.14.322
Status
unaffected
Version <=
4.19.*
Version
4.19.291
Status
unaffected
Version <=
5.4.*
Version
5.4.251
Status
unaffected
Version <=
5.10.*
Version
5.10.188
Status
unaffected
Version <=
5.15.*
Version
5.15.150
Status
unaffected
Version <=
6.1.*
Version
6.1.107
Status
unaffected
Version <=
6.4.*
Version
6.4.7
Status
unaffected
Version <=
*
Version
6.5
Status
unaffected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.096 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|