CVE-2023-53614
BaseFortify
Publication date: 2025-10-04
Last updated on: 2026-03-17
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.3 |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-362 | The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves a race condition in the Linux kernel's memory management subsystem, specifically in the Kernel Samepage Merging (KSM) feature. The issue occurs during the teardown of virtual memory areas (VMAs) and the associated maple tree data structure. The problem arises because the maple tree can be destroyed while it is still being iterated over, leading to potential dereferencing of invalid memory and lock dependency warnings. The fix ensures that the maple tree is still valid before iterating by checking the state after acquiring the mmap_lock in read mode, thus preventing unsafe access.
How can this vulnerability impact me?
This vulnerability can lead to race conditions that may cause kernel instability or crashes due to invalid memory access when the maple tree is destroyed while being accessed. It could also trigger lock dependency warnings, which indicate potential deadlocks or synchronization issues in the kernel. While no direct exploitation details are provided, such kernel-level issues can impact system reliability and security.