CVE-2023-53169

{"id": "CVE-2023-53169", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-09-15T14:15:38.693", "references": [{"url": "https://git.kernel.org/stable/c/0424a7dfe9129b93f29b277511a60e87f052ac6b", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/3fc5941ecc31a495b6b84b465f36155009db99b5", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/86db319d25db70cf4af4557e05f6fa6f39c70003", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/8ecc60ef9318f0d533b866fa421858cc185bccfc", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/resctrl: Clear staged_config[] before and after it is used\n\nAs a temporary storage, staged_config[] in rdt_domain should be cleared\nbefore and after it is used. The stale value in staged_config[] could\ncause an MSR access error.\n\nHere is a reproducer on a system with 16 usable CLOSIDs for a 15-way L3\nCache (MBA should be disabled if the number of CLOSIDs for MB is less than\n16.) :\n\tmount -t resctrl resctrl -o cdp /sys/fs/resctrl\n\tmkdir /sys/fs/resctrl/p{1..7}\n\tumount /sys/fs/resctrl/\n\tmount -t resctrl resctrl /sys/fs/resctrl\n\tmkdir /sys/fs/resctrl/p{1..8}\n\nAn error occurs when creating resource group named p8:\n unchecked MSR access error: WRMSR to 0xca0 (tried to write 0x00000000000007ff) at rIP: 0xffffffff82249142 (cat_wrmsr+0x32/0x60)\n Call Trace:\n <IRQ>\n __flush_smp_call_function_queue+0x11d/0x170\n __sysvec_call_function+0x24/0xd0\n sysvec_call_function+0x89/0xc0\n </IRQ>\n <TASK>\n asm_sysvec_call_function+0x16/0x20\n\nWhen creating a new resource control group, hardware will be configured\nby the following process:\n rdtgroup_mkdir()\n rdtgroup_mkdir_ctrl_mon()\n rdtgroup_init_alloc()\n resctrl_arch_update_domains()\n\nresctrl_arch_update_domains() iterates and updates all resctrl_conf_type\nwhose have_new_ctrl is true. Since staged_config[] holds the same values as\nwhen CDP was enabled, it will continue to update the CDP_CODE and CDP_DATA\nconfigurations. When group p8 is created, get_config_index() called in\nresctrl_arch_update_domains() will return 16 and 17 as the CLOSIDs for\nCDP_CODE and CDP_DATA, which will be translated to an invalid register -\n0xca0 in this scenario.\n\nFix it by clearing staged_config[] before and after it is used.\n\n[reinette: re-order commit tags]"}], "lastModified": "2025-12-02T19:06:38.720", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D70CE96A-7C20-4A64-9A02-5282F973E379", "versionEndExcluding": "5.15.104", "versionStartIncluding": "5.15"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F1CA6A9-8F4D-408D-9116-868EC067DCD9", "versionEndExcluding": "6.1.21", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4011EC6B-7786-4709-B765-186FA31D6F7F", "versionEndExcluding": "6.2.8", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8E3B0E8-FA27-4305-87BB-AF6C25B160CB"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A47F0FC3-CE52-4BA1-BA51-22F783938431"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}