CVE-2023-53169
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-15

Last updated on: 2025-12-02

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: x86/resctrl: Clear staged_config[] before and after it is used As a temporary storage, staged_config[] in rdt_domain should be cleared before and after it is used. The stale value in staged_config[] could cause an MSR access error. Here is a reproducer on a system with 16 usable CLOSIDs for a 15-way L3 Cache (MBA should be disabled if the number of CLOSIDs for MB is less than 16.) : mount -t resctrl resctrl -o cdp /sys/fs/resctrl mkdir /sys/fs/resctrl/p{1..7} umount /sys/fs/resctrl/ mount -t resctrl resctrl /sys/fs/resctrl mkdir /sys/fs/resctrl/p{1..8} An error occurs when creating resource group named p8: unchecked MSR access error: WRMSR to 0xca0 (tried to write 0x00000000000007ff) at rIP: 0xffffffff82249142 (cat_wrmsr+0x32/0x60) Call Trace: <IRQ> __flush_smp_call_function_queue+0x11d/0x170 __sysvec_call_function+0x24/0xd0 sysvec_call_function+0x89/0xc0 </IRQ> <TASK> asm_sysvec_call_function+0x16/0x20 When creating a new resource control group, hardware will be configured by the following process: rdtgroup_mkdir() rdtgroup_mkdir_ctrl_mon() rdtgroup_init_alloc() resctrl_arch_update_domains() resctrl_arch_update_domains() iterates and updates all resctrl_conf_type whose have_new_ctrl is true. Since staged_config[] holds the same values as when CDP was enabled, it will continue to update the CDP_CODE and CDP_DATA configurations. When group p8 is created, get_config_index() called in resctrl_arch_update_domains() will return 16 and 17 as the CLOSIDs for CDP_CODE and CDP_DATA, which will be translated to an invalid register - 0xca0 in this scenario. Fix it by clearing staged_config[] before and after it is used. [reinette: re-order commit tags]
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-15
Last Modified
2025-12-02
Generated
2026-05-07
AI Q&A
2025-09-15
EPSS Evaluated
2026-05-05
NVD
CVE-2023-53169
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.15 (inc) to 5.15.104 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.21 (exc)
linux linux_kernel From 6.2 (inc) to 6.2.8 (exc)
linux linux_kernel 6.3
linux linux_kernel 6.3
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-noinfo
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in the Linux kernel's x86 resctrl subsystem occurs because a temporary storage array, staged_config[], in rdt_domain is not cleared before and after use. This causes stale values to persist, leading to an MSR (Model-Specific Register) access error when creating new resource control groups. Specifically, when creating a new group, the system tries to write to an invalid MSR register due to outdated staged_config[] values, causing an unchecked MSR access error.


How can this vulnerability impact me? :

The impact of this vulnerability is that attempts to create new resource control groups in the Linux kernel can fail with an MSR access error. This can disrupt the configuration of hardware resource controls, potentially causing system instability or failure in managing resource allocation properly.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by attempting to reproduce the error when creating resource control groups using the resctrl filesystem. The provided reproducer commands are: mount -t resctrl resctrl -o cdp /sys/fs/resctrl mkdir /sys/fs/resctrl/p{1..7} umount /sys/fs/resctrl/ mount -t resctrl resctrl /sys/fs/resctrl mkdir /sys/fs/resctrl/p{1..8} If an error occurs when creating the resource group named p8, such as an unchecked MSR access error (WRMSR to 0xca0), it indicates the presence of the vulnerability.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves ensuring that the Linux kernel is updated to a version where the staged_config[] array in rdt_domain is properly cleared before and after use, as per the fix described. Additionally, disabling MBA (Memory Bandwidth Allocation) if the number of CLOSIDs for MB is less than 16 can help avoid triggering the issue during resource group creation.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart