CVE-2023-53694
Awaiting Analysis Awaiting Analysis - Queue

BaseFortify

Vulnerability report for CVE-2023-53694, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-22

Last updated on: 2025-10-22

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: riscv: ftrace: Fixup panic by disabling preemption In RISCV, we must use an AUIPC + JALR pair to encode an immediate, forming a jump that jumps to an address over 4K. This may cause errors if we want to enable kernel preemption and remove dependency from patching code with stop_machine(). For example, if a task was switched out on auipc. And, if we changed the ftrace function before it was switched back, then it would jump to an address that has updated 11:0 bits mixing with previous XLEN:12 part. p: patched area performed by dynamic ftrace ftrace_prologue: p| REG_S ra, -SZREG(sp) p| auipc ra, 0x? ------------> preempted ... change ftrace function ... p| jalr -?(ra) <------------- switched back p| REG_L ra, -SZREG(sp) func: xxx ret

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-22
Last Modified
2025-10-22
Generated
2026-07-06
AI Q&A
2025-10-22
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel's RISCV architecture involves the ftrace function and how it handles kernel preemption. Specifically, the use of an AUIPC + JALR instruction pair to encode a jump over 4K can cause errors if kernel preemption is enabled. If a task is switched out during the AUIPC instruction and the ftrace function is changed before the task switches back, the jump address may become corrupted by mixing bits from the updated function and previous state, potentially causing a kernel panic. The fix involves disabling preemption to avoid this issue.

Impact Analysis

This vulnerability can cause a kernel panic in systems running the RISCV Linux kernel with ftrace and kernel preemption enabled. A kernel panic leads to a system crash, causing downtime and potential data loss or service interruption.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53694. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart