CVE-2023-53501
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-01

Last updated on: 2025-10-02

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: iommu/amd/iommu_v2: Fix pasid_state refcount dec hit 0 warning on pasid unbind When unbinding pasid - a race condition exists vs outstanding page faults. To prevent this, the pasid_state object contains a refcount. * set to 1 on pasid bind * incremented on each ppr notification start * decremented on each ppr notification done * decremented on pasid unbind Since refcount_dec assumes that refcount will never reach 0: the current implementation causes the following to be invoked on pasid unbind: REFCOUNT_WARN("decrement hit 0; leaking memory") Fix this issue by changing refcount_dec to refcount_dec_and_test to explicitly handle refcount=1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-01
Last Modified
2025-10-02
Generated
2026-06-16
AI Q&A
2025-10-01
EPSS Evaluated
2026-06-15
NVD
CVE-2023-53501
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a race condition in the Linux kernel's AMD IOMMU pasid handling. Specifically, when unbinding a pasid (Process Address Space ID), the reference count (refcount) of the pasid_state object can be decremented incorrectly, causing a warning and potential memory leak. The refcount is used to track usage and is expected never to reach zero during unbind, but due to the race condition with outstanding page faults, it can hit zero, triggering a warning. The fix changes the decrement function to properly handle the case when the refcount reaches one.

Impact Analysis

This vulnerability can lead to memory leaks in the Linux kernel when unbinding pasid due to incorrect reference count handling. While it triggers a warning, it may cause instability or resource exhaustion over time if the memory leak accumulates, potentially affecting system reliability.

Mitigation Strategies

Apply the patch or update to the fixed version of the Linux kernel that includes the correction for the pasid_state refcount decrement issue. This fix changes the refcount decrement function to properly handle the refcount reaching zero, preventing the race condition and warning. Until patched, monitor kernel logs for REFCOUNT_WARN messages related to pasid unbind operations as an indicator of the issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53501. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart