CVE-2023-54086

EPSS 0.03%
Veröffentlicht 24.12.2025 13:06:16
Zuletzt bearbeitet 29.12.2025 15:58:34
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

bpf: Add preempt_count_{sub,add} into btf id deny list

The recursion check in __bpf_prog_enter* and __bpf_prog_exit*
leave preempt_count_{sub,add} unprotected. When attaching trampoline to
them we get panic as follows,

[  867.843050] BUG: TASK stack guard page was hit at 0000000009d325cf (stack is 0000000046a46a15..00000000537e7b28)
[  867.843064] stack guard page: 0000 [#1] PREEMPT SMP NOPTI
[  867.843067] CPU: 8 PID: 11009 Comm: trace Kdump: loaded Not tainted 6.2.0+ #4
[  867.843100] Call Trace:
[  867.843101]  <TASK>
[  867.843104]  asm_exc_int3+0x3a/0x40
[  867.843108] RIP: 0010:preempt_count_sub+0x1/0xa0
[  867.843135]  __bpf_prog_enter_recur+0x17/0x90
[  867.843148]  bpf_trampoline_6442468108_0+0x2e/0x1000
[  867.843154]  ? preempt_count_sub+0x1/0xa0
[  867.843157]  preempt_count_sub+0x5/0xa0
[  867.843159]  ? migrate_enable+0xac/0xf0
[  867.843164]  __bpf_prog_exit_recur+0x2d/0x40
[  867.843168]  bpf_trampoline_6442468108_0+0x55/0x1000
...
[  867.843788]  preempt_count_sub+0x5/0xa0
[  867.843793]  ? migrate_enable+0xac/0xf0
[  867.843829]  __bpf_prog_exit_recur+0x2d/0x40
[  867.843837] BUG: IRQ stack guard page was hit at 0000000099bd8228 (stack is 00000000b23e2bc4..000000006d95af35)
[  867.843841] BUG: IRQ stack guard page was hit at 000000005ae07924 (stack is 00000000ffd69623..0000000014eb594c)
[  867.843843] BUG: IRQ stack guard page was hit at 00000000028320f0 (stack is 00000000034b6438..0000000078d1bcec)
[  867.843842]  bpf_trampoline_6442468108_0+0x55/0x1000
...

That is because in __bpf_prog_exit_recur, the preempt_count_{sub,add} are
called after prog->active is decreased.

Fixing this by adding these two functions into btf ids deny list.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 095018267c87b8bfbbb12eeb1c0ebf2359e1782c

Version 35e3815fa8102fab4dee75f3547472c66581125d

Status affected

Version < 60039bf72f81638baa28652a11a68e9b0b7b5b2d

Version 35e3815fa8102fab4dee75f3547472c66581125d

Status affected

Version < b9168d41b83d182f34ba927ee822edaee18d5fc8

Version 35e3815fa8102fab4dee75f3547472c66581125d

Status affected

Version < c11bd046485d7bf1ca200db0e7d0bdc4bafdd395

Version 35e3815fa8102fab4dee75f3547472c66581125d

Status affected

Version f5e770c0c60ab8812574a2e0d163b0efa816a825

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.13

Status affected

Version < 5.13

Version 0

Status unaffected

Version <= 5.15.*

Version 5.15.113

Status unaffected

Version <= 6.1.*

Version 6.1.30

Status unaffected

Version <= 6.3.*

Version 6.3.4

Status unaffected

Version <= *

Version 6.4

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.064

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/095018267c87b8bfbbb12eeb1c0ebf2359e1782c

https://git.kernel.org/stable/c/60039bf72f81638baa28652a11a68e9b0b7b5b2d

https://git.kernel.org/stable/c/b9168d41b83d182f34ba927ee822edaee18d5fc8

https://git.kernel.org/stable/c/c11bd046485d7bf1ca200db0e7d0bdc4bafdd395

https://nvd.nist.gov/vuln/detail/CVE-2023-54086

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-54086

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-54086

EUVD