CVE-2023-53291
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-16

Last updated on: 2025-12-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: rcu/rcuscale: Stop kfree_scale_thread thread(s) after unloading rcuscale Running the 'kfree_rcu_test' test case [1] results in a splat [2]. The root cause is the kfree_scale_thread thread(s) continue running after unloading the rcuscale module. This commit fixes that isue by invoking kfree_scale_cleanup() from rcu_scale_cleanup() when removing the rcuscale module. [1] modprobe rcuscale kfree_rcu_test=1 // After some time rmmod rcuscale rmmod torture [2] BUG: unable to handle page fault for address: ffffffffc0601a87 #PF: supervisor instruction fetch in kernel mode #PF: error_code(0x0010) - not-present page PGD 11de4f067 P4D 11de4f067 PUD 11de51067 PMD 112f4d067 PTE 0 Oops: 0010 [#1] PREEMPT SMP NOPTI CPU: 1 PID: 1798 Comm: kfree_scale_thr Not tainted 6.3.0-rc1-rcu+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 0.0.0 02/06/2015 RIP: 0010:0xffffffffc0601a87 Code: Unable to access opcode bytes at 0xffffffffc0601a5d. RSP: 0018:ffffb25bc2e57e18 EFLAGS: 00010297 RAX: 0000000000000000 RBX: ffffffffc061f0b6 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff962fd0de RDI: ffffffff962fd0de RBP: ffffb25bc2e57ea8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000 R13: 0000000000000000 R14: 000000000000000a R15: 00000000001c1dbe FS: 0000000000000000(0000) GS:ffff921fa2200000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffc0601a5d CR3: 000000011de4c006 CR4: 0000000000370ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ? kvfree_call_rcu+0xf0/0x3a0 ? kthread+0xf3/0x120 ? kthread_complete_and_exit+0x20/0x20 ? ret_from_fork+0x1f/0x30 </TASK> Modules linked in: rfkill sunrpc ... [last unloaded: torture] CR2: ffffffffc0601a87 ---[ end trace 0000000000000000 ]---
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-16
Last Modified
2025-12-03
Generated
2026-05-27
AI Q&A
2025-09-16
EPSS Evaluated
2026-05-25
NVD
CVE-2023-53291
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.6 (inc) to 5.10.188 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.121 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.39 (exc)
linux linux_kernel From 6.2 (inc) to 6.3.13 (exc)
linux linux_kernel From 6.4 (inc) to 6.4.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-noinfo
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's rcuscale module where the kfree_scale_thread thread(s) continue running even after the rcuscale module has been unloaded. This leads to a kernel crash (splat) due to a page fault when the running thread tries to access memory that is no longer valid. The issue is fixed by ensuring that the kfree_scale_cleanup() function is called during the removal of the rcuscale module, stopping the thread(s) properly.


How can this vulnerability impact me? :

This vulnerability can cause a kernel crash (splat) resulting in system instability or downtime. If the rcuscale module is unloaded while the kfree_scale_thread thread(s) are still running, it can lead to a page fault and kernel panic, potentially disrupting normal system operations.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by running the 'kfree_rcu_test' test case with the rcuscale module loaded and then unloading the module to observe if a kernel crash (splat) occurs. The suggested commands are: 1. modprobe rcuscale kfree_rcu_test=1 2. After some time, run: rmmod rcuscale 3. Then run: rmmod torture If the system experiences a kernel BUG or page fault similar to the described splat, the vulnerability is present.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves applying the fix that stops the kfree_scale_thread thread(s) after unloading the rcuscale module. This is done by ensuring the kernel includes the patch that invokes kfree_scale_cleanup() from rcu_scale_cleanup() when removing the rcuscale module. Until the fix is applied, avoid unloading the rcuscale module after running the kfree_rcu_test to prevent kernel crashes.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart