CVE-2023-54303
Preemption Bug in Linux BPF Perf Event Causes Kernel Crashes

Publication date: 2025-12-30

Last updated on: 2025-12-30

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

bpf: Disable preemption in bpf_perf_event_output

The nesting protection in bpf_perf_event_output relies on disabled preemption, which is guaranteed for kprobes and tracepoints.

However bpf_perf_event_output can be also called from uprobes context through bpf_prog_run_array_sleepable function which disables migration, but keeps preemption enabled.

This can cause task to be preempted by another one inside the nesting protection and lead eventually to two tasks using same perf_sample_data buffer and cause crashes like:

    kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
    BUG: unable to handle page fault for address: ffffffff82be3eea
    ...
    Call Trace:
     ? __die+0x1f/0x70
     ? page_fault_oops+0x176/0x4d0
     ? exc_page_fault+0x132/0x230
     ? asm_exc_page_fault+0x22/0x30
     ? perf_output_sample+0x12b/0x910
     ? perf_event_output+0xd0/0x1d0
     ? bpf_perf_event_output+0x162/0x1d0
     ? bpf_prog_c6271286d9a4c938_krava1+0x76/0x87
     ? __uprobe_perf_func+0x12b/0x540
     ? uprobe_dispatcher+0x2c4/0x430
     ? uprobe_notify_resume+0x2da/0xce0
     ? atomic_notifier_call_chain+0x7b/0x110
     ? exit_to_user_mode_prepare+0x13e/0x290
     ? irqentry_exit_to_user_mode+0x5/0x30
     ? asm_exc_int3+0x35/0x40

Fixing this by disabling preemption in bpf_perf_event_output.

Meta Information
Published: 2025-12-30
Last Modified: 2025-12-30
Generated: 2026-05-07
AI Q&A: 2025-12-30
EPSS Evaluated: 2026-05-05

Affected Vendors & Products
Vendor: linux; Product: linux_kernel; Version / Range: *

CWE ID: CWE-UNKNOWN

AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's bpf_perf_event_output function. The function's nesting protection relies on preemption being disabled, which is true for kprobes and tracepoints. However, when called from uprobes context via bpf_prog_run_array_sleepable, preemption remains enabled. This allows a task to be preempted inside the nesting protection, potentially causing two tasks to use the same perf_sample_data buffer simultaneously. This can lead to kernel crashes and errors such as page faults and execution of NX-protected pages.


How can this vulnerability impact me?

This vulnerability can cause kernel crashes and instability due to concurrent access to the same perf_sample_data buffer by multiple tasks. This may result in system crashes, page faults, and potential denial of service, affecting system reliability and availability.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection can be done by monitoring kernel logs for crash messages related to this vulnerability. Look for kernel messages such as 'kernel tried to execute NX-protected page - exploit attempt?' or 'BUG: unable to handle page fault for address' in the system logs (e.g., using 'dmesg' or 'journalctl -k'). Specific commands include:

    dmesg | grep -i "kernel tried to execute NX-protected page"
    dmesg | grep -i "BUG: unable to handle page fault"

These messages appear in crashes caused by the vulnerability.
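
The two message strings are printed for any kernel page fault of this kind, so a match on them alone does not single out this bug. The following added example (not part of the advisory or of the kernel project) reports only oops reports whose call trace shows bpf_perf_event_output beneath a uprobe frame, as in the trace quoted in the description. The function names and the embedded sample log are constructed for illustration, and example_driver_read is a hypothetical symbol.

```shell
#!/bin/sh
# Added example (not from the advisory): classify kernel oops reports by call trace.
# Prints "match" for a report whose trace has bpf_perf_event_output under a
# uprobe frame (the crash signature quoted in the description), else "other".
classify_oops() {
    awk '
    function emit() {
        if (inrep) print ((bpf && uprobe) ? "match" : "other")
        inrep = 0; trace = 0; bpf = 0; uprobe = 0
    }
    # Either header line opens a report; both may appear in the same report.
    /kernel tried to execute NX-protected page|BUG: unable to handle page fault/ {
        if (trace) emit()
        inrep = 1; next
    }
    /Call Trace:/     { if (inrep) trace = 1; next }
    /---\[ end trace/ { emit(); next }
    inrep && trace && /bpf_perf_event_output[+]/ { bpf = 1 }
    inrep && trace && /(uprobe_dispatcher|__uprobe_perf_func|uprobe_notify_resume)[+]/ { uprobe = 1 }
    END { emit() }
    '
}

# Number of reports in the input that carry the signature.
count_matches() { classify_oops | grep -c '^match$'; }

# Constructed sample: report 1 reuses frames from the trace in the description,
# report 2 is an unrelated fault (example_driver_read is hypothetical).
sample_log() {
    cat <<'EOF'
kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
BUG: unable to handle page fault for address: ffffffff82be3eea
Call Trace:
 ? perf_output_sample+0x12b/0x910
 ? perf_event_output+0xd0/0x1d0
 ? bpf_perf_event_output+0x162/0x1d0
 ? __uprobe_perf_func+0x12b/0x540
 ? uprobe_dispatcher+0x2c4/0x430
---[ end trace 0000000000000000 ]---
BUG: unable to handle page fault for address: ffffffffdeadbeef
Call Trace:
 ? page_fault_oops+0x176/0x4d0
 ? example_driver_read+0x10/0x40
---[ end trace 0000000000000000 ]---
EOF
}

sample_log | classify_oops    # on a live host: journalctl -k | classify_oops
```

A "match" means the crash path is consistent with the one in the description; a corrupted perf_sample_data buffer can also fault elsewhere, so "other" does not rule the bug out.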


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation is to update the Linux kernel to a version where this vulnerability is fixed by disabling preemption in bpf_perf_event_output. Until then, avoid running untrusted BPF programs that use bpf_perf_event_output, especially those involving uprobes. Monitoring and restricting usage of such BPF programs can reduce risk.

