CVE-2023-54045
Soft Lockup in Linux Kernel Audit Causes System Hang
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a possible soft lockup in the Linux kernel's audit subsystem, specifically in the __audit_inode_child() function. When using tracefs or debugfs, creating many PATH records can cause the system to become unresponsive (soft lockup), potentially leading to a kernel panic. The issue occurs under certain configurations and conditions, such as when CONFIG_KASAN is enabled and CONFIG_PREEMPTION is disabled, and when audit rules are set to always log open system calls. The fix involved adding a conditional reschedule (cond_resched()) call to the __audit_inode_child() function to prevent the CPU from being stuck.
How can this vulnerability impact me?
This vulnerability can cause the Linux kernel to experience a soft lockup, where the CPU becomes stuck for several seconds, leading to system unresponsiveness or a kernel panic. This can disrupt normal system operations, potentially causing downtime or loss of availability for services running on affected systems.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring the kernel logs for soft lockup messages, such as 'watchdog: BUG: soft lockup - CPU# stuck for several seconds', or for kernel panic messages related to softlockup. The watchdog message spells it 'soft lockup' and the panic message 'softlockup', so match both spellings: 'dmesg | grep -iE "soft ?lockup"' or 'journalctl -k | grep -iE "soft ?lockup"'. Additionally, watching for the creation of many PATH records through tracefs or debugfs, and reviewing auditctl rules that log open syscalls, may help detect conditions leading to this issue.
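The log check described above, as an added example that is not part of the original record: a shell function that summarises soft lockup reports and flags those whose call trace names __audit_inode_child. The sample log lines are constructed, and the 60-line trace window is an assumption.

```shell
#!/bin/sh
# Added example (not from the CVE record): summarise soft lockup reports in
# kernel log text and note whether __audit_inode_child shows up in the trace.

# Reads kernel log lines on stdin (dmesg or journalctl -k output) and prints
# one line per report: cpu=N stuck=Ns task=comm:pid audit_inode_child=yes|no
scan_softlockups() {
  awk '
    function emit() {
      if (active)
        printf "cpu=%s stuck=%ss task=%s audit_inode_child=%s\n", cpu, secs, task, hit
      active = 0
    }
    # Report header; matches "soft lockup" with the space, which a grep for
    # "softlockup" alone would miss.
    /BUG: soft lockup - CPU#[0-9]+ stuck for [0-9]+s!/ {
      emit()
      match($0, /CPU#[0-9]+/)
      cpu = substr($0, RSTART + 4, RLENGTH - 4)
      match($0, /stuck for [0-9]+s/)
      secs = substr($0, RSTART + 10, RLENGTH - 11)
      task = "?"
      if (match($0, / \[[^ ]+:[0-9]+\]$/))
        task = substr($0, RSTART + 2, RLENGTH - 3)
      hit = "no"; active = 1; start = NR
      next
    }
    # Assumption: the call trace follows within 60 lines of the header.
    active && NR - start <= 60 && /__audit_inode_child/ { hit = "yes" }
    END { emit() }
  '
}

# Constructed sample input: values, offsets and the second trace are made up.
sample_log() {
  cat <<'EOF'
[ 1201.334455] watchdog: BUG: soft lockup - CPU#3 stuck for 11s! [mkdir:4242]
[ 1201.334470] Call Trace:
[ 1201.334481]  __audit_inode_child+0x33e/0x6f0
[ 1950.100000] watchdog: BUG: soft lockup - CPU#2 stuck for 22s! [kworker/2:1:311]
[ 1950.100020] Call Trace:
[ 1950.100031]  example_unrelated_fn+0x10/0x40
EOF
}

sample_log | scan_softlockups
```

On a live system, feed it real log text with 'dmesg | scan_softlockups' or 'journalctl -k | scan_softlockups'.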
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding configurations that trigger the vulnerability, such as using CONFIG_KASAN=y with CONFIG_PREEMPTION=n, and avoiding creating many PATH records in tracefs or debugfs. You can also adjust the kernel watchdog threshold (e.g., 'sysctl -w kernel.watchdog_thresh=5') cautiously. The soft lockup threshold is twice kernel.watchdog_thresh (default 10), so this setting changes only how soon the watchdog reports a stuck CPU; it does not remove the stall itself. Ultimately, applying the kernel patch that adds cond_resched() to __audit_inode_child() to prevent the soft lockup is necessary.