CVE-2023-53419
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-18

Last updated on: 2025-12-11

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: rcu: Protect rcu_print_task_exp_stall() ->exp_tasks access For kernels built with CONFIG_PREEMPT_RCU=y, the following scenario can result in a NULL-pointer dereference: CPU1 CPU2 rcu_preempt_deferred_qs_irqrestore rcu_print_task_exp_stall if (special.b.blocked) READ_ONCE(rnp->exp_tasks) != NULL raw_spin_lock_rcu_node np = rcu_next_node_entry(t, rnp) if (&t->rcu_node_entry == rnp->exp_tasks) WRITE_ONCE(rnp->exp_tasks, np) .... raw_spin_unlock_irqrestore_rcu_node raw_spin_lock_irqsave_rcu_node t = list_entry(rnp->exp_tasks->prev, struct task_struct, rcu_node_entry) (if rnp->exp_tasks is NULL, this will dereference a NULL pointer) The problem is that CPU2 accesses the rcu_node structure's->exp_tasks field without holding the rcu_node structure's ->lock and CPU2 did not observe CPU1's change to rcu_node structure's ->exp_tasks in time. Therefore, if CPU1 sets rcu_node structure's->exp_tasks pointer to NULL, then CPU2 might dereference that NULL pointer. This commit therefore holds the rcu_node structure's ->lock while accessing that structure's->exp_tasks field. [ paulmck: Apply Frederic Weisbecker feedback. ]
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-18
Last Modified
2025-12-11
Generated
2026-06-16
AI Q&A
2025-09-18
EPSS Evaluated
2026-06-15
NVD
CVE-2023-53419
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
linux linux_kernel to 5.10.181 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.113 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.30 (exc)
linux linux_kernel From 6.2 (inc) to 6.3.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Linux kernel when built with CONFIG_PREEMPT_RCU=y. It involves a race condition between two CPUs accessing the rcu_node structure's exp_tasks field. CPU1 may set the exp_tasks pointer to NULL while holding a lock, but CPU2 accesses this field without holding the lock and may not see the update in time. As a result, CPU2 can dereference a NULL pointer, leading to a potential crash or undefined behavior. The fix involves ensuring that the lock is held while accessing the exp_tasks field to prevent this NULL-pointer dereference.

Impact Analysis

This vulnerability can cause a NULL-pointer dereference in the Linux kernel, which may lead to system crashes, instability, or denial of service. If exploited or triggered, it could disrupt normal system operations, potentially affecting availability and reliability of systems running affected kernel versions.

Mitigation Strategies

The vulnerability is resolved by applying a patch that holds the rcu_node structure's lock while accessing the exp_tasks field to prevent NULL-pointer dereference. Immediate mitigation involves updating the Linux kernel to a version that includes this fix, especially for kernels built with CONFIG_PREEMPT_RCU=y.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53419. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart