CVE-2023-54322 (GCVE-0-2023-54322)
Vulnerability from cvelistv5 – Published: 2025-12-30 12:34 – Updated: 2025-12-30 12:34
VLAI?
Title
arm64: set __exception_irq_entry with __irq_entry as a default
Summary
In the Linux kernel, the following vulnerability has been resolved:
arm64: set __exception_irq_entry with __irq_entry as a default
filter_irq_stacks() is supposed to cut entries which are related irq entries
from its call stack.
And in_irqentry_text() which is called by filter_irq_stacks()
uses __irqentry_text_start/end symbol to find irq entries in callstack.
But it doesn't work correctly as without "CONFIG_FUNCTION_GRAPH_TRACER",
arm64 kernel doesn't include gic_handle_irq which is entry point of arm64 irq
between __irqentry_text_start and __irqentry_text_end as we discussed in below link.
https://lore.kernel.org/all/CACT4Y+aReMGLYua2rCLHgFpS9io5cZC04Q8GLs-uNmrn1ezxYQ@mail.gmail.com/#t
This problem can makes unintentional deep call stack entries especially
in KASAN enabled situation as below.
[ 2479.383395]I[0:launcher-loader: 1719] Stack depot reached limit capacity
[ 2479.383538]I[0:launcher-loader: 1719] WARNING: CPU: 0 PID: 1719 at lib/stackdepot.c:129 __stack_depot_save+0x464/0x46c
[ 2479.385693]I[0:launcher-loader: 1719] pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[ 2479.385724]I[0:launcher-loader: 1719] pc : __stack_depot_save+0x464/0x46c
[ 2479.385751]I[0:launcher-loader: 1719] lr : __stack_depot_save+0x460/0x46c
[ 2479.385774]I[0:launcher-loader: 1719] sp : ffffffc0080073c0
[ 2479.385793]I[0:launcher-loader: 1719] x29: ffffffc0080073e0 x28: ffffffd00b78a000 x27: 0000000000000000
[ 2479.385839]I[0:launcher-loader: 1719] x26: 000000000004d1dd x25: ffffff891474f000 x24: 00000000ca64d1dd
[ 2479.385882]I[0:launcher-loader: 1719] x23: 0000000000000200 x22: 0000000000000220 x21: 0000000000000040
[ 2479.385925]I[0:launcher-loader: 1719] x20: ffffffc008007440 x19: 0000000000000000 x18: 0000000000000000
[ 2479.385969]I[0:launcher-loader: 1719] x17: 2065726568207475 x16: 000000000000005e x15: 2d2d2d2d2d2d2d20
[ 2479.386013]I[0:launcher-loader: 1719] x14: 5d39313731203a72 x13: 00000000002f6b30 x12: 00000000002f6af8
[ 2479.386057]I[0:launcher-loader: 1719] x11: 00000000ffffffff x10: ffffffb90aacf000 x9 : e8a74a6c16008800
[ 2479.386101]I[0:launcher-loader: 1719] x8 : e8a74a6c16008800 x7 : 00000000002f6b30 x6 : 00000000002f6af8
[ 2479.386145]I[0:launcher-loader: 1719] x5 : ffffffc0080070c8 x4 : ffffffd00b192380 x3 : ffffffd0092b313c
[ 2479.386189]I[0:launcher-loader: 1719] x2 : 0000000000000001 x1 : 0000000000000004 x0 : 0000000000000022
[ 2479.386231]I[0:launcher-loader: 1719] Call trace:
[ 2479.386248]I[0:launcher-loader: 1719] __stack_depot_save+0x464/0x46c
[ 2479.386273]I[0:launcher-loader: 1719] kasan_save_stack+0x58/0x70
[ 2479.386303]I[0:launcher-loader: 1719] save_stack_info+0x34/0x138
[ 2479.386331]I[0:launcher-loader: 1719] kasan_save_free_info+0x18/0x24
[ 2479.386358]I[0:launcher-loader: 1719] ____kasan_slab_free+0x16c/0x170
[ 2479.386385]I[0:launcher-loader: 1719] __kasan_slab_free+0x10/0x20
[ 2479.386410]I[0:launcher-loader: 1719] kmem_cache_free+0x238/0x53c
[ 2479.386435]I[0:launcher-loader: 1719] mempool_free_slab+0x1c/0x28
[ 2479.386460]I[0:launcher-loader: 1719] mempool_free+0x7c/0x1a0
[ 2479.386484]I[0:launcher-loader: 1719] bvec_free+0x34/0x80
[ 2479.386514]I[0:launcher-loader: 1719] bio_free+0x60/0x98
[ 2479.386540]I[0:launcher-loader: 1719] bio_put+0x50/0x21c
[ 2479.386567]I[0:launcher-loader: 1719] f2fs_write_end_io+0x4ac/0x4d0
[ 2479.386594]I[0:launcher-loader: 1719] bio_endio+0x2dc/0x300
[ 2479.386622]I[0:launcher-loader: 1719] __dm_io_complete+0x324/0x37c
[ 2479.386650]I[0:launcher-loader: 1719] dm_io_dec_pending+0x60/0xa4
[ 2479.386676]I[0:launcher-loader: 1719] clone_endio+0xf8/0x2f0
[ 2479.386700]I[0:launcher-loader: 1719] bio_endio+0x2dc/0x300
[ 2479.386727]I[0:launcher-loader: 1719] blk_update_request+0x258/0x63c
[ 2479.386754]I[0:launcher-loader: 1719] scsi_end_request+0x50/0x304
[ 2479.386782]I[0:launcher-loader: 1719] scsi_io_completion+0x88/0x160
[ 2479.386808]I[0:launcher-loader: 1719] scsi_finish_command+0x17c/0x194
[ 2479.386833]I
---truncated---
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < c71d6934c6ac40a97146a410e0320768c7b1bb3c
(git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 0bd309f22663f3ee749bea0b6d70642c31a1c0a5 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < d3b219e504fc5c5a25fa7c04c8589ff34baef9a8 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < f6794950f0e5ba37e3bbedda4d6ab0aad7395dd3 (git) |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/arm64/include/asm/exception.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c71d6934c6ac40a97146a410e0320768c7b1bb3c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0bd309f22663f3ee749bea0b6d70642c31a1c0a5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d3b219e504fc5c5a25fa7c04c8589ff34baef9a8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f6794950f0e5ba37e3bbedda4d6ab0aad7395dd3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/arm64/include/asm/exception.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.188",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.*",
"status": "unaffected",
"version": "6.4.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.5",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.188",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: set __exception_irq_entry with __irq_entry as a default\n\nfilter_irq_stacks() is supposed to cut entries which are related irq entries\nfrom its call stack.\nAnd in_irqentry_text() which is called by filter_irq_stacks()\nuses __irqentry_text_start/end symbol to find irq entries in callstack.\n\nBut it doesn\u0027t work correctly as without \"CONFIG_FUNCTION_GRAPH_TRACER\",\narm64 kernel doesn\u0027t include gic_handle_irq which is entry point of arm64 irq\nbetween __irqentry_text_start and __irqentry_text_end as we discussed in below link.\nhttps://lore.kernel.org/all/CACT4Y+aReMGLYua2rCLHgFpS9io5cZC04Q8GLs-uNmrn1ezxYQ@mail.gmail.com/#t\n\nThis problem can makes unintentional deep call stack entries especially\nin KASAN enabled situation as below.\n\n[ 2479.383395]I[0:launcher-loader: 1719] Stack depot reached limit capacity\n[ 2479.383538]I[0:launcher-loader: 1719] WARNING: CPU: 0 PID: 1719 at lib/stackdepot.c:129 __stack_depot_save+0x464/0x46c\n[ 2479.385693]I[0:launcher-loader: 1719] pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)\n[ 2479.385724]I[0:launcher-loader: 1719] pc : __stack_depot_save+0x464/0x46c\n[ 2479.385751]I[0:launcher-loader: 1719] lr : __stack_depot_save+0x460/0x46c\n[ 2479.385774]I[0:launcher-loader: 1719] sp : ffffffc0080073c0\n[ 2479.385793]I[0:launcher-loader: 1719] x29: ffffffc0080073e0 x28: ffffffd00b78a000 x27: 0000000000000000\n[ 2479.385839]I[0:launcher-loader: 1719] x26: 000000000004d1dd x25: ffffff891474f000 x24: 00000000ca64d1dd\n[ 2479.385882]I[0:launcher-loader: 1719] x23: 0000000000000200 x22: 0000000000000220 x21: 0000000000000040\n[ 2479.385925]I[0:launcher-loader: 1719] x20: ffffffc008007440 x19: 0000000000000000 x18: 0000000000000000\n[ 2479.385969]I[0:launcher-loader: 1719] x17: 2065726568207475 x16: 000000000000005e x15: 2d2d2d2d2d2d2d20\n[ 2479.386013]I[0:launcher-loader: 1719] x14: 5d39313731203a72 x13: 00000000002f6b30 x12: 00000000002f6af8\n[ 2479.386057]I[0:launcher-loader: 1719] x11: 00000000ffffffff x10: ffffffb90aacf000 x9 : e8a74a6c16008800\n[ 2479.386101]I[0:launcher-loader: 1719] x8 : e8a74a6c16008800 x7 : 00000000002f6b30 x6 : 00000000002f6af8\n[ 2479.386145]I[0:launcher-loader: 1719] x5 : ffffffc0080070c8 x4 : ffffffd00b192380 x3 : ffffffd0092b313c\n[ 2479.386189]I[0:launcher-loader: 1719] x2 : 0000000000000001 x1 : 0000000000000004 x0 : 0000000000000022\n[ 2479.386231]I[0:launcher-loader: 1719] Call trace:\n[ 2479.386248]I[0:launcher-loader: 1719] __stack_depot_save+0x464/0x46c\n[ 2479.386273]I[0:launcher-loader: 1719] kasan_save_stack+0x58/0x70\n[ 2479.386303]I[0:launcher-loader: 1719] save_stack_info+0x34/0x138\n[ 2479.386331]I[0:launcher-loader: 1719] kasan_save_free_info+0x18/0x24\n[ 2479.386358]I[0:launcher-loader: 1719] ____kasan_slab_free+0x16c/0x170\n[ 2479.386385]I[0:launcher-loader: 1719] __kasan_slab_free+0x10/0x20\n[ 2479.386410]I[0:launcher-loader: 1719] kmem_cache_free+0x238/0x53c\n[ 2479.386435]I[0:launcher-loader: 1719] mempool_free_slab+0x1c/0x28\n[ 2479.386460]I[0:launcher-loader: 1719] mempool_free+0x7c/0x1a0\n[ 2479.386484]I[0:launcher-loader: 1719] bvec_free+0x34/0x80\n[ 2479.386514]I[0:launcher-loader: 1719] bio_free+0x60/0x98\n[ 2479.386540]I[0:launcher-loader: 1719] bio_put+0x50/0x21c\n[ 2479.386567]I[0:launcher-loader: 1719] f2fs_write_end_io+0x4ac/0x4d0\n[ 2479.386594]I[0:launcher-loader: 1719] bio_endio+0x2dc/0x300\n[ 2479.386622]I[0:launcher-loader: 1719] __dm_io_complete+0x324/0x37c\n[ 2479.386650]I[0:launcher-loader: 1719] dm_io_dec_pending+0x60/0xa4\n[ 2479.386676]I[0:launcher-loader: 1719] clone_endio+0xf8/0x2f0\n[ 2479.386700]I[0:launcher-loader: 1719] bio_endio+0x2dc/0x300\n[ 2479.386727]I[0:launcher-loader: 1719] blk_update_request+0x258/0x63c\n[ 2479.386754]I[0:launcher-loader: 1719] scsi_end_request+0x50/0x304\n[ 2479.386782]I[0:launcher-loader: 1719] scsi_io_completion+0x88/0x160\n[ 2479.386808]I[0:launcher-loader: 1719] scsi_finish_command+0x17c/0x194\n[ 2479.386833]I\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-12-30T12:34:15.446Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c71d6934c6ac40a97146a410e0320768c7b1bb3c"
},
{
"url": "https://git.kernel.org/stable/c/0bd309f22663f3ee749bea0b6d70642c31a1c0a5"
},
{
"url": "https://git.kernel.org/stable/c/d3b219e504fc5c5a25fa7c04c8589ff34baef9a8"
},
{
"url": "https://git.kernel.org/stable/c/f6794950f0e5ba37e3bbedda4d6ab0aad7395dd3"
}
],
"title": "arm64: set __exception_irq_entry with __irq_entry as a default",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-54322",
"datePublished": "2025-12-30T12:34:15.446Z",
"dateReserved": "2025-12-30T12:28:53.860Z",
"dateUpdated": "2025-12-30T12:34:15.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-54322\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-30T13:16:21.520\",\"lastModified\":\"2025-12-30T13:16:21.520\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\narm64: set __exception_irq_entry with __irq_entry as a default\\n\\nfilter_irq_stacks() is supposed to cut entries which are related irq entries\\nfrom its call stack.\\nAnd in_irqentry_text() which is called by filter_irq_stacks()\\nuses __irqentry_text_start/end symbol to find irq entries in callstack.\\n\\nBut it doesn\u0027t work correctly as without \\\"CONFIG_FUNCTION_GRAPH_TRACER\\\",\\narm64 kernel doesn\u0027t include gic_handle_irq which is entry point of arm64 irq\\nbetween __irqentry_text_start and __irqentry_text_end as we discussed in below link.\\nhttps://lore.kernel.org/all/CACT4Y+aReMGLYua2rCLHgFpS9io5cZC04Q8GLs-uNmrn1ezxYQ@mail.gmail.com/#t\\n\\nThis problem can makes unintentional deep call stack entries especially\\nin KASAN enabled situation as below.\\n\\n[ 2479.383395]I[0:launcher-loader: 1719] Stack depot reached limit capacity\\n[ 2479.383538]I[0:launcher-loader: 1719] WARNING: CPU: 0 PID: 1719 at lib/stackdepot.c:129 __stack_depot_save+0x464/0x46c\\n[ 2479.385693]I[0:launcher-loader: 1719] pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)\\n[ 2479.385724]I[0:launcher-loader: 1719] pc : __stack_depot_save+0x464/0x46c\\n[ 2479.385751]I[0:launcher-loader: 1719] lr : __stack_depot_save+0x460/0x46c\\n[ 2479.385774]I[0:launcher-loader: 1719] sp : ffffffc0080073c0\\n[ 2479.385793]I[0:launcher-loader: 1719] x29: ffffffc0080073e0 x28: ffffffd00b78a000 x27: 0000000000000000\\n[ 2479.385839]I[0:launcher-loader: 1719] x26: 000000000004d1dd x25: ffffff891474f000 x24: 00000000ca64d1dd\\n[ 2479.385882]I[0:launcher-loader: 1719] x23: 0000000000000200 x22: 0000000000000220 x21: 0000000000000040\\n[ 2479.385925]I[0:launcher-loader: 1719] x20: ffffffc008007440 x19: 0000000000000000 x18: 0000000000000000\\n[ 2479.385969]I[0:launcher-loader: 1719] x17: 2065726568207475 x16: 000000000000005e x15: 2d2d2d2d2d2d2d20\\n[ 2479.386013]I[0:launcher-loader: 1719] x14: 5d39313731203a72 x13: 00000000002f6b30 x12: 00000000002f6af8\\n[ 2479.386057]I[0:launcher-loader: 1719] x11: 00000000ffffffff x10: ffffffb90aacf000 x9 : e8a74a6c16008800\\n[ 2479.386101]I[0:launcher-loader: 1719] x8 : e8a74a6c16008800 x7 : 00000000002f6b30 x6 : 00000000002f6af8\\n[ 2479.386145]I[0:launcher-loader: 1719] x5 : ffffffc0080070c8 x4 : ffffffd00b192380 x3 : ffffffd0092b313c\\n[ 2479.386189]I[0:launcher-loader: 1719] x2 : 0000000000000001 x1 : 0000000000000004 x0 : 0000000000000022\\n[ 2479.386231]I[0:launcher-loader: 1719] Call trace:\\n[ 2479.386248]I[0:launcher-loader: 1719] __stack_depot_save+0x464/0x46c\\n[ 2479.386273]I[0:launcher-loader: 1719] kasan_save_stack+0x58/0x70\\n[ 2479.386303]I[0:launcher-loader: 1719] save_stack_info+0x34/0x138\\n[ 2479.386331]I[0:launcher-loader: 1719] kasan_save_free_info+0x18/0x24\\n[ 2479.386358]I[0:launcher-loader: 1719] ____kasan_slab_free+0x16c/0x170\\n[ 2479.386385]I[0:launcher-loader: 1719] __kasan_slab_free+0x10/0x20\\n[ 2479.386410]I[0:launcher-loader: 1719] kmem_cache_free+0x238/0x53c\\n[ 2479.386435]I[0:launcher-loader: 1719] mempool_free_slab+0x1c/0x28\\n[ 2479.386460]I[0:launcher-loader: 1719] mempool_free+0x7c/0x1a0\\n[ 2479.386484]I[0:launcher-loader: 1719] bvec_free+0x34/0x80\\n[ 2479.386514]I[0:launcher-loader: 1719] bio_free+0x60/0x98\\n[ 2479.386540]I[0:launcher-loader: 1719] bio_put+0x50/0x21c\\n[ 2479.386567]I[0:launcher-loader: 1719] f2fs_write_end_io+0x4ac/0x4d0\\n[ 2479.386594]I[0:launcher-loader: 1719] bio_endio+0x2dc/0x300\\n[ 2479.386622]I[0:launcher-loader: 1719] __dm_io_complete+0x324/0x37c\\n[ 2479.386650]I[0:launcher-loader: 1719] dm_io_dec_pending+0x60/0xa4\\n[ 2479.386676]I[0:launcher-loader: 1719] clone_endio+0xf8/0x2f0\\n[ 2479.386700]I[0:launcher-loader: 1719] bio_endio+0x2dc/0x300\\n[ 2479.386727]I[0:launcher-loader: 1719] blk_update_request+0x258/0x63c\\n[ 2479.386754]I[0:launcher-loader: 1719] scsi_end_request+0x50/0x304\\n[ 2479.386782]I[0:launcher-loader: 1719] scsi_io_completion+0x88/0x160\\n[ 2479.386808]I[0:launcher-loader: 1719] scsi_finish_command+0x17c/0x194\\n[ 2479.386833]I\\n---truncated---\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0bd309f22663f3ee749bea0b6d70642c31a1c0a5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/c71d6934c6ac40a97146a410e0320768c7b1bb3c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d3b219e504fc5c5a25fa7c04c8589ff34baef9a8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f6794950f0e5ba37e3bbedda4d6ab0aad7395dd3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…