CVE-2023-54283 (GCVE-0-2023-54283)
Vulnerability from cvelistv5 – Published: 2025-12-30 12:23 – Updated: 2025-12-30 12:23
VLAI?
Title
bpf: Address KCSAN report on bpf_lru_list
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Address KCSAN report on bpf_lru_list
KCSAN reported a data-race when accessing node->ref.
Although node->ref does not have to be accurate,
take this chance to use a more common READ_ONCE() and WRITE_ONCE()
pattern instead of data_race().
There is an existing bpf_lru_node_is_ref() and bpf_lru_node_set_ref().
This patch also adds bpf_lru_node_clear_ref() to do the
WRITE_ONCE(node->ref, 0) also.
==================================================================
BUG: KCSAN: data-race in __bpf_lru_list_rotate / __htab_lru_percpu_map_update_elem
write to 0xffff888137038deb of 1 bytes by task 11240 on cpu 1:
__bpf_lru_node_move kernel/bpf/bpf_lru_list.c:113 [inline]
__bpf_lru_list_rotate_active kernel/bpf/bpf_lru_list.c:149 [inline]
__bpf_lru_list_rotate+0x1bf/0x750 kernel/bpf/bpf_lru_list.c:240
bpf_lru_list_pop_free_to_local kernel/bpf/bpf_lru_list.c:329 [inline]
bpf_common_lru_pop_free kernel/bpf/bpf_lru_list.c:447 [inline]
bpf_lru_pop_free+0x638/0xe20 kernel/bpf/bpf_lru_list.c:499
prealloc_lru_pop kernel/bpf/hashtab.c:290 [inline]
__htab_lru_percpu_map_update_elem+0xe7/0x820 kernel/bpf/hashtab.c:1316
bpf_percpu_hash_update+0x5e/0x90 kernel/bpf/hashtab.c:2313
bpf_map_update_value+0x2a9/0x370 kernel/bpf/syscall.c:200
generic_map_update_batch+0x3ae/0x4f0 kernel/bpf/syscall.c:1687
bpf_map_do_batch+0x2d9/0x3d0 kernel/bpf/syscall.c:4534
__sys_bpf+0x338/0x810
__do_sys_bpf kernel/bpf/syscall.c:5096 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5094 [inline]
__x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5094
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
read to 0xffff888137038deb of 1 bytes by task 11241 on cpu 0:
bpf_lru_node_set_ref kernel/bpf/bpf_lru_list.h:70 [inline]
__htab_lru_percpu_map_update_elem+0x2f1/0x820 kernel/bpf/hashtab.c:1332
bpf_percpu_hash_update+0x5e/0x90 kernel/bpf/hashtab.c:2313
bpf_map_update_value+0x2a9/0x370 kernel/bpf/syscall.c:200
generic_map_update_batch+0x3ae/0x4f0 kernel/bpf/syscall.c:1687
bpf_map_do_batch+0x2d9/0x3d0 kernel/bpf/syscall.c:4534
__sys_bpf+0x338/0x810
__do_sys_bpf kernel/bpf/syscall.c:5096 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5094 [inline]
__x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5094
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
value changed: 0x01 -> 0x00
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 11241 Comm: syz-executor.3 Not tainted 6.3.0-rc7-syzkaller-00136-g6a66fdd29ea1 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
==================================================================
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 6eaef1b1d8720053eb1b6e7a3ff8b2ff0716bb90
(git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < a89d14410ea0352420f03cddc67e0002dcc8f9a5 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < e09a285ea1e859d4cc6cb689d8d5d7c1f7c7c0d5 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < b6d9a4062c944ad095b34dc112bf646a84156f60 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 819ca25444b377935faa2dbb0aa3547519b5c80f (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < c006fe361cfd947f51a56793deddf891e5cbfef8 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 6e5e83b56f50fbd1c8f7dca7df7d72c67be25571 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < ee9fd0ac3017c4313be91a220a9ac4c99dde7ad4 (git) |
|||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/bpf/bpf_lru_list.c",
"kernel/bpf/bpf_lru_list.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6eaef1b1d8720053eb1b6e7a3ff8b2ff0716bb90",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a89d14410ea0352420f03cddc67e0002dcc8f9a5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e09a285ea1e859d4cc6cb689d8d5d7c1f7c7c0d5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b6d9a4062c944ad095b34dc112bf646a84156f60",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "819ca25444b377935faa2dbb0aa3547519b5c80f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c006fe361cfd947f51a56793deddf891e5cbfef8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6e5e83b56f50fbd1c8f7dca7df7d72c67be25571",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ee9fd0ac3017c4313be91a220a9ac4c99dde7ad4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/bpf/bpf_lru_list.c",
"kernel/bpf/bpf_lru_list.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.322",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.291",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.251",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.188",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.*",
"status": "unaffected",
"version": "6.4.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.5",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.188",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Address KCSAN report on bpf_lru_list\n\nKCSAN reported a data-race when accessing node-\u003eref.\nAlthough node-\u003eref does not have to be accurate,\ntake this chance to use a more common READ_ONCE() and WRITE_ONCE()\npattern instead of data_race().\n\nThere is an existing bpf_lru_node_is_ref() and bpf_lru_node_set_ref().\nThis patch also adds bpf_lru_node_clear_ref() to do the\nWRITE_ONCE(node-\u003eref, 0) also.\n\n==================================================================\nBUG: KCSAN: data-race in __bpf_lru_list_rotate / __htab_lru_percpu_map_update_elem\n\nwrite to 0xffff888137038deb of 1 bytes by task 11240 on cpu 1:\n__bpf_lru_node_move kernel/bpf/bpf_lru_list.c:113 [inline]\n__bpf_lru_list_rotate_active kernel/bpf/bpf_lru_list.c:149 [inline]\n__bpf_lru_list_rotate+0x1bf/0x750 kernel/bpf/bpf_lru_list.c:240\nbpf_lru_list_pop_free_to_local kernel/bpf/bpf_lru_list.c:329 [inline]\nbpf_common_lru_pop_free kernel/bpf/bpf_lru_list.c:447 [inline]\nbpf_lru_pop_free+0x638/0xe20 kernel/bpf/bpf_lru_list.c:499\nprealloc_lru_pop kernel/bpf/hashtab.c:290 [inline]\n__htab_lru_percpu_map_update_elem+0xe7/0x820 kernel/bpf/hashtab.c:1316\nbpf_percpu_hash_update+0x5e/0x90 kernel/bpf/hashtab.c:2313\nbpf_map_update_value+0x2a9/0x370 kernel/bpf/syscall.c:200\ngeneric_map_update_batch+0x3ae/0x4f0 kernel/bpf/syscall.c:1687\nbpf_map_do_batch+0x2d9/0x3d0 kernel/bpf/syscall.c:4534\n__sys_bpf+0x338/0x810\n__do_sys_bpf kernel/bpf/syscall.c:5096 [inline]\n__se_sys_bpf kernel/bpf/syscall.c:5094 [inline]\n__x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5094\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nread to 0xffff888137038deb of 1 bytes by task 11241 on cpu 0:\nbpf_lru_node_set_ref kernel/bpf/bpf_lru_list.h:70 [inline]\n__htab_lru_percpu_map_update_elem+0x2f1/0x820 kernel/bpf/hashtab.c:1332\nbpf_percpu_hash_update+0x5e/0x90 kernel/bpf/hashtab.c:2313\nbpf_map_update_value+0x2a9/0x370 kernel/bpf/syscall.c:200\ngeneric_map_update_batch+0x3ae/0x4f0 kernel/bpf/syscall.c:1687\nbpf_map_do_batch+0x2d9/0x3d0 kernel/bpf/syscall.c:4534\n__sys_bpf+0x338/0x810\n__do_sys_bpf kernel/bpf/syscall.c:5096 [inline]\n__se_sys_bpf kernel/bpf/syscall.c:5094 [inline]\n__x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5094\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nvalue changed: 0x01 -\u003e 0x00\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 0 PID: 11241 Comm: syz-executor.3 Not tainted 6.3.0-rc7-syzkaller-00136-g6a66fdd29ea1 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023\n=================================================================="
}
],
"providerMetadata": {
"dateUpdated": "2025-12-30T12:23:24.460Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6eaef1b1d8720053eb1b6e7a3ff8b2ff0716bb90"
},
{
"url": "https://git.kernel.org/stable/c/a89d14410ea0352420f03cddc67e0002dcc8f9a5"
},
{
"url": "https://git.kernel.org/stable/c/e09a285ea1e859d4cc6cb689d8d5d7c1f7c7c0d5"
},
{
"url": "https://git.kernel.org/stable/c/b6d9a4062c944ad095b34dc112bf646a84156f60"
},
{
"url": "https://git.kernel.org/stable/c/819ca25444b377935faa2dbb0aa3547519b5c80f"
},
{
"url": "https://git.kernel.org/stable/c/c006fe361cfd947f51a56793deddf891e5cbfef8"
},
{
"url": "https://git.kernel.org/stable/c/6e5e83b56f50fbd1c8f7dca7df7d72c67be25571"
},
{
"url": "https://git.kernel.org/stable/c/ee9fd0ac3017c4313be91a220a9ac4c99dde7ad4"
}
],
"title": "bpf: Address KCSAN report on bpf_lru_list",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-54283",
"datePublished": "2025-12-30T12:23:24.460Z",
"dateReserved": "2025-12-30T12:06:44.525Z",
"dateUpdated": "2025-12-30T12:23:24.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-54283\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-30T13:16:17.287\",\"lastModified\":\"2025-12-31T20:42:43.210\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nbpf: Address KCSAN report on bpf_lru_list\\n\\nKCSAN reported a data-race when accessing node-\u003eref.\\nAlthough node-\u003eref does not have to be accurate,\\ntake this chance to use a more common READ_ONCE() and WRITE_ONCE()\\npattern instead of data_race().\\n\\nThere is an existing bpf_lru_node_is_ref() and bpf_lru_node_set_ref().\\nThis patch also adds bpf_lru_node_clear_ref() to do the\\nWRITE_ONCE(node-\u003eref, 0) also.\\n\\n==================================================================\\nBUG: KCSAN: data-race in __bpf_lru_list_rotate / __htab_lru_percpu_map_update_elem\\n\\nwrite to 0xffff888137038deb of 1 bytes by task 11240 on cpu 1:\\n__bpf_lru_node_move kernel/bpf/bpf_lru_list.c:113 [inline]\\n__bpf_lru_list_rotate_active kernel/bpf/bpf_lru_list.c:149 [inline]\\n__bpf_lru_list_rotate+0x1bf/0x750 kernel/bpf/bpf_lru_list.c:240\\nbpf_lru_list_pop_free_to_local kernel/bpf/bpf_lru_list.c:329 [inline]\\nbpf_common_lru_pop_free kernel/bpf/bpf_lru_list.c:447 [inline]\\nbpf_lru_pop_free+0x638/0xe20 kernel/bpf/bpf_lru_list.c:499\\nprealloc_lru_pop kernel/bpf/hashtab.c:290 [inline]\\n__htab_lru_percpu_map_update_elem+0xe7/0x820 kernel/bpf/hashtab.c:1316\\nbpf_percpu_hash_update+0x5e/0x90 kernel/bpf/hashtab.c:2313\\nbpf_map_update_value+0x2a9/0x370 kernel/bpf/syscall.c:200\\ngeneric_map_update_batch+0x3ae/0x4f0 kernel/bpf/syscall.c:1687\\nbpf_map_do_batch+0x2d9/0x3d0 kernel/bpf/syscall.c:4534\\n__sys_bpf+0x338/0x810\\n__do_sys_bpf kernel/bpf/syscall.c:5096 [inline]\\n__se_sys_bpf kernel/bpf/syscall.c:5094 [inline]\\n__x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5094\\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\\ndo_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\\n\\nread to 0xffff888137038deb of 1 bytes by task 11241 on cpu 0:\\nbpf_lru_node_set_ref kernel/bpf/bpf_lru_list.h:70 [inline]\\n__htab_lru_percpu_map_update_elem+0x2f1/0x820 kernel/bpf/hashtab.c:1332\\nbpf_percpu_hash_update+0x5e/0x90 kernel/bpf/hashtab.c:2313\\nbpf_map_update_value+0x2a9/0x370 kernel/bpf/syscall.c:200\\ngeneric_map_update_batch+0x3ae/0x4f0 kernel/bpf/syscall.c:1687\\nbpf_map_do_batch+0x2d9/0x3d0 kernel/bpf/syscall.c:4534\\n__sys_bpf+0x338/0x810\\n__do_sys_bpf kernel/bpf/syscall.c:5096 [inline]\\n__se_sys_bpf kernel/bpf/syscall.c:5094 [inline]\\n__x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5094\\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\\ndo_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\\n\\nvalue changed: 0x01 -\u003e 0x00\\n\\nReported by Kernel Concurrency Sanitizer on:\\nCPU: 0 PID: 11241 Comm: syz-executor.3 Not tainted 6.3.0-rc7-syzkaller-00136-g6a66fdd29ea1 #0\\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023\\n==================================================================\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/6e5e83b56f50fbd1c8f7dca7df7d72c67be25571\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/6eaef1b1d8720053eb1b6e7a3ff8b2ff0716bb90\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/819ca25444b377935faa2dbb0aa3547519b5c80f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a89d14410ea0352420f03cddc67e0002dcc8f9a5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b6d9a4062c944ad095b34dc112bf646a84156f60\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/c006fe361cfd947f51a56793deddf891e5cbfef8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/e09a285ea1e859d4cc6cb689d8d5d7c1f7c7c0d5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ee9fd0ac3017c4313be91a220a9ac4c99dde7ad4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…