CVE-2023-53519
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-01

Last updated on: 2026-04-06

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: media: v4l2-mem2mem: add lock to protect parameter num_rdy Getting below error when using KCSAN to check the driver. Adding lock to protect parameter num_rdy when getting the value with function: v4l2_m2m_num_src_bufs_ready/v4l2_m2m_num_dst_bufs_ready. kworker/u16:3: [name:report&]BUG: KCSAN: data-race in v4l2_m2m_buf_queue kworker/u16:3: [name:report&] kworker/u16:3: [name:report&]read-write to 0xffffff8105f35b94 of 1 bytes by task 20865 on cpu 7: kworker/u16:3:Β  v4l2_m2m_buf_queue+0xd8/0x10c
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-01
Last Modified
2026-04-06
Generated
2026-06-16
AI Q&A
2025-10-01
EPSS Evaluated
2026-06-15
NVD
CVE-2023-53519
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a data race condition in the Linux kernel's media subsystem, specifically in the v4l2-mem2mem driver. It occurs because the parameter 'num_rdy' is accessed without proper locking, leading to concurrent read-write operations that can cause unpredictable behavior or crashes. The issue was detected using KCSAN (Kernel Concurrency Sanitizer) and fixed by adding a lock to protect 'num_rdy' during access.

Impact Analysis

This vulnerability can cause instability or crashes in the Linux kernel's media subsystem when using the v4l2-mem2mem driver. It may lead to unpredictable behavior in applications relying on video memory-to-memory operations, potentially affecting system reliability and performance.

Detection Guidance

This vulnerability can be detected by using KCSAN (Kernel Concurrency Sanitizer) to check the v4l2-mem2mem driver for data races. The error messages to look for include BUG reports indicating data-race in v4l2_m2m_buf_queue, such as: 'BUG: KCSAN: data-race in v4l2_m2m_buf_queue' and read-write conflicts on the parameter num_rdy. Specific commands would involve running KCSAN-enabled kernel tests targeting the v4l2-mem2mem driver, but exact commands are not provided in the available information.

Mitigation Strategies

Immediate mitigation involves applying the patch that adds a lock to protect the parameter num_rdy in the v4l2-mem2mem driver, specifically in the functions v4l2_m2m_num_src_bufs_ready and v4l2_m2m_num_dst_bufs_ready. Until the patch is applied, avoid using the affected driver features that trigger the data race. No other specific mitigation steps are provided.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53519. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart