-
CVE-2023-53728
- EPSS 0.04%
- Veröffentlicht 22.10.2025 13:23:57
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
posix-timers: Ensure timer ID search-loop limit is valid
In the Linux kernel, the following vulnerability has been resolved:
posix-timers: Ensure timer ID search-loop limit is valid
posix_timer_add() tries to allocate a posix timer ID by starting from the
cached ID which was stored by the last successful allocation.
This is done in a loop searching the ID space for a free slot one by
one. The loop has to terminate when the search wrapped around to the
starting point.
But that's racy vs. establishing the starting point. That is read out
lockless, which leads to the following problem:
CPU0 CPU1
posix_timer_add()
start = sig->posix_timer_id;
lock(hash_lock);
... posix_timer_add()
if (++sig->posix_timer_id < 0)
start = sig->posix_timer_id;
sig->posix_timer_id = 0;
So CPU1 can observe a negative start value, i.e. -1, and the loop break
never happens because the condition can never be true:
if (sig->posix_timer_id == start)
break;
While this is unlikely to ever turn into an endless loop as the ID space is
huge (INT_MAX), the racy read of the start value caught the attention of
KCSAN and Dmitry unearthed that incorrectness.
Rewrite it so that all id operations are under the hash lock.Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version
5ed67f05f66c41e39880a6d61358438a25f9fee5
Version <
8dc52c200b889bc1cb34288fbf623d4ff381d2ae
Status
affected
Version
5ed67f05f66c41e39880a6d61358438a25f9fee5
Version <
9ea26a8494a0a9337e7415eafd6f3ed940327dc5
Status
affected
Version
5ed67f05f66c41e39880a6d61358438a25f9fee5
Version <
8ad6679a5bb97cdb3e14942729292b4bfcc0e223
Status
affected
Version
5ed67f05f66c41e39880a6d61358438a25f9fee5
Version <
322377cc909defcca9451487484845e7e1d20d1b
Status
affected
Version
5ed67f05f66c41e39880a6d61358438a25f9fee5
Version <
ef535e0315afd098c4beb1da364847eca4b56a20
Status
affected
Version
5ed67f05f66c41e39880a6d61358438a25f9fee5
Version <
6a0ac84501b4fec73a1a823c55cf13584c43f418
Status
affected
Version
5ed67f05f66c41e39880a6d61358438a25f9fee5
Version <
37175e25edf7cc0d5a2cd2c2a1cbe2dcbf4a1937
Status
affected
Version
5ed67f05f66c41e39880a6d61358438a25f9fee5
Version <
8ce8849dd1e78dadcee0ec9acbd259d239b7069f
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version
3.10
Status
affected
Version
0
Version <
3.10
Status
unaffected
Version <=
4.14.*
Version
4.14.322
Status
unaffected
Version <=
4.19.*
Version
4.19.291
Status
unaffected
Version <=
5.4.*
Version
5.4.251
Status
unaffected
Version <=
5.10.*
Version
5.10.188
Status
unaffected
Version <=
5.15.*
Version
5.15.150
Status
unaffected
Version <=
6.1.*
Version
6.1.107
Status
unaffected
Version <=
6.4.*
Version
6.4.7
Status
unaffected
Version <=
*
Version
6.5
Status
unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.121 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|