CVE-2023-53713
BaseFortify

Publication date: 2025-10-22

Last updated on: 2025-10-22

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved:

arm64: sme: Use STR P to clear FFR context field in streaming SVE mode

The FFR is a predicate register which can vary between 16 and 256 bits in size depending upon the configured vector length. When saving the SVE state in streaming SVE mode, the FFR register is inaccessible and so commit 9f5848665788 ("arm64/sve: Make access to FFR optional") simply clears the FFR field of the in-memory context structure.

Unfortunately, it achieves this using an unconditional 8-byte store and so if the SME vector length is anything other than 64 bytes in size we will either fail to clear the entire field or, worse, we will corrupt memory immediately following the structure.

This has led to intermittent kfence splats in CI [1] and can trigger kmalloc Redzone corruption messages when running the 'fp-stress' kselftest:

    | =============================================================================
    | BUG kmalloc-1k (Not tainted): kmalloc Redzone overwritten
    | -----------------------------------------------------------------------------
    |
    | 0xffff000809bf1e22-0xffff000809bf1e27 @offset=7714. First byte 0x0 instead of 0xcc
    | Allocated in do_sme_acc+0x9c/0x220 age=2613 cpu=1 pid=531
    |  __kmalloc+0x8c/0xcc
    |  do_sme_acc+0x9c/0x220
    |  ...

Replace the 8-byte store with a store of a predicate register which has been zero-initialised with PFALSE, ensuring that the entire field is cleared in memory.

[1] https://lore.kernel.org/r/CA+G9fYtU7HsV0R0dp4XEH5xXHSJFw8KyDf5VQrLLfMxWfxQkag@mail.gmail.com
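As an added illustration (not the kernel's code and not from this page's author), the C model below lays out the FFR context field the way the description implies (one predicate bit per vector byte, with the field last in the structure) and compares the unconditional 8-byte clear against a clear sized from the vector length; the buffer names, the 16-byte redzone and its 0xcc fill are constructed for this example.

```c
/* Model of the CVE-2023-53713 field-size mismatch (constructed example). */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define REDZONE_BYTES 16
#define REDZONE_FILL  0xcc   /* constructed; mirrors the splat's "instead of 0xcc" */

/* A predicate register holds one bit per vector byte, so FFR is VL/8 bytes:
 * 2 bytes at VL=16 bytes, 8 bytes at VL=64 bytes, 32 bytes at VL=256 bytes. */
static size_t ffr_size_bytes(size_t vl_bytes)
{
    return vl_bytes / 8;
}

/* Buggy behaviour from the description: a fixed 8-byte store, whatever the VL. */
static void clear_ffr_unconditional(uint8_t *ffr)
{
    memset(ffr, 0, 8);
}

/* Fixed behaviour: clear exactly one predicate register's worth of bytes,
 * which is what storing a PFALSE-initialised predicate register achieves. */
static void clear_ffr_sized(uint8_t *ffr, size_t vl_bytes)
{
    memset(ffr, 0, ffr_size_bytes(vl_bytes));
}

/* Simulate saving state at a given VL with stale FFR bytes and a redzone
 * right after the field. Returns 0 when the field is fully cleared and the
 * redzone is intact, 1 when part of the field was left uncleared (VL too
 * large for an 8-byte store), 2 when the store ran into the redzone (VL too
 * small), i.e. the "corrupt memory immediately following the structure" case. */
static int check_clear(size_t vl_bytes, int use_fixed)
{
    size_t n = ffr_size_bytes(vl_bytes);
    uint8_t *buf = malloc(n + REDZONE_BYTES);
    int rc = 0;

    memset(buf, 0xff, n);                         /* stale FFR contents */
    memset(buf + n, REDZONE_FILL, REDZONE_BYTES); /* allocator redzone */

    if (use_fixed)
        clear_ffr_sized(buf, vl_bytes);
    else
        clear_ffr_unconditional(buf);

    for (size_t i = 0; i < n && rc == 0; i++)
        if (buf[i] != 0)
            rc = 1;
    for (size_t i = 0; i < REDZONE_BYTES && rc == 0; i++)
        if (buf[n + i] != REDZONE_FILL)
            rc = 2;

    free(buf);
    return rc;
}
```

Only the 64-byte vector length makes the 8-byte store line up with the field, which is why the bug stayed intermittent rather than failing on every machine.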
Meta Information
Published: 2025-10-22
Last Modified: 2025-10-22
Generated: 2026-05-07
AI Q&A: 2025-10-22
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: linux
Product: kernel
Version / Range: *
CWE ID: CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is in the Linux kernel's arm64 architecture related to the SME (Scalable Matrix Extension) and streaming SVE (Scalable Vector Extension) mode. The issue arises because the FFR (First Fault Register), a predicate register whose size varies depending on the vector length, was not properly cleared in memory when saving the SVE state. The original fix used an unconditional 8-byte store to clear the FFR field, which either failed to clear the entire field or corrupted adjacent memory if the SME vector length was not 64 bytes. This could cause memory corruption and kernel faults. The vulnerability was fixed by replacing the 8-byte store with a store of a zero-initialized predicate register, ensuring the entire FFR field is properly cleared in memory.


How can this vulnerability impact me?

This vulnerability can lead to memory corruption in the Linux kernel, which may cause intermittent kernel faults (kfence splats) and trigger memory corruption detection messages such as kmalloc Redzone overwrites. This can result in system instability, crashes, or unpredictable behavior when running workloads that use the affected SME streaming SVE mode, potentially impacting system reliability and security.


What immediate steps should I take to mitigate this vulnerability?

Apply the updated Linux kernel patch that replaces the unconditional 8-byte store with a store of a zero-initialised predicate register (PFALSE) to ensure the entire FFR field is cleared in memory, preventing memory corruption. Until the patch is applied, avoid running workloads or tests that trigger the vulnerability, such as the 'fp-stress' kselftest, to reduce the risk of kmalloc Redzone corruption.

