CVE-2023-53291

{"id": "CVE-2023-53291", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-09-16T08:15:38.313", "references": [{"url": "https://git.kernel.org/stable/c/1dd7547c7610723b2b6afe1a3c4ddb2bde63387c", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/23fc8df26dead16687ae6eb47b0561a4a832e2f6", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/29b1da4f90fc42c91beb4e400d926194925ad31b", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/604d6a5ff718874904b0fe614878a42b42c0d699", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b8a6ba524d41f4da102e65f90498d9a910839621", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f766d45ab294871a3d588ee76c666852f151cad9", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu/rcuscale: Stop kfree_scale_thread thread(s) after unloading rcuscale\n\nRunning the 'kfree_rcu_test' test case [1] results in a splat [2].\nThe root cause is the kfree_scale_thread thread(s) continue running\nafter unloading the rcuscale module. This commit fixes that isue by\ninvoking kfree_scale_cleanup() from rcu_scale_cleanup() when removing\nthe rcuscale module.\n\n[1] modprobe rcuscale kfree_rcu_test=1\n // After some time\n rmmod rcuscale\n rmmod torture\n\n[2] BUG: unable to handle page fault for address: ffffffffc0601a87\n #PF: supervisor instruction fetch in kernel mode\n #PF: error_code(0x0010) - not-present page\n PGD 11de4f067 P4D 11de4f067 PUD 11de51067 PMD 112f4d067 PTE 0\n Oops: 0010 [#1] PREEMPT SMP NOPTI\n CPU: 1 PID: 1798 Comm: kfree_scale_thr Not tainted 6.3.0-rc1-rcu+ #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 0.0.0 02/06/2015\n RIP: 0010:0xffffffffc0601a87\n Code: Unable to access opcode bytes at 0xffffffffc0601a5d.\n RSP: 0018:ffffb25bc2e57e18 EFLAGS: 00010297\n RAX: 0000000000000000 RBX: ffffffffc061f0b6 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffffffff962fd0de RDI: ffffffff962fd0de\n RBP: ffffb25bc2e57ea8 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000\n R13: 0000000000000000 R14: 000000000000000a R15: 00000000001c1dbe\n FS: 0000000000000000(0000) GS:ffff921fa2200000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffffffffc0601a5d CR3: 000000011de4c006 CR4: 0000000000370ee0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n <TASK>\n ? kvfree_call_rcu+0xf0/0x3a0\n ? kthread+0xf3/0x120\n ? kthread_complete_and_exit+0x20/0x20\n ? ret_from_fork+0x1f/0x30\n </TASK>\n Modules linked in: rfkill sunrpc ... [last unloaded: torture]\n CR2: ffffffffc0601a87\n ---[ end trace 0000000000000000 ]---"}], "lastModified": "2025-12-03T16:41:49.423", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F54A74D-8B6A-483C-8989-0681E4E2B213", "versionEndExcluding": "5.10.188", "versionStartIncluding": "5.6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC77775B-EC31-4966-966C-1286C02B2A85", "versionEndExcluding": "5.15.121", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BD1D4A1-304D-4187-8178-6D7C0050B1AF", "versionEndExcluding": "6.1.39", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95CB4836-7F5D-4C20-B025-8E046EC87B78", "versionEndExcluding": "6.3.13", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AB81046-CB69-4115-924C-963B37C41385", "versionEndExcluding": "6.4.4", "versionStartIncluding": "6.4"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}