CVE-2023-53522 (GCVE-0-2023-53522)
Vulnerability from cvelistv5
Published
2025-10-01 11:46
Modified
2025-10-01 11:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
cgroup,freezer: hold cpu_hotplug_lock before freezer_mutex
syzbot is reporting circular locking dependency between cpu_hotplug_lock
and freezer_mutex, for commit f5d39b020809 ("freezer,sched: Rewrite core
freezer logic") replaced atomic_inc() in freezer_apply_state() with
static_branch_inc() which holds cpu_hotplug_lock.
cpu_hotplug_lock => cgroup_threadgroup_rwsem => freezer_mutex
cgroup_file_write() {
cgroup_procs_write() {
__cgroup_procs_write() {
cgroup_procs_write_start() {
cgroup_attach_lock() {
cpus_read_lock() {
percpu_down_read(&cpu_hotplug_lock);
}
percpu_down_write(&cgroup_threadgroup_rwsem);
}
}
cgroup_attach_task() {
cgroup_migrate() {
cgroup_migrate_execute() {
freezer_attach() {
mutex_lock(&freezer_mutex);
(...snipped...)
}
}
}
}
(...snipped...)
}
}
}
freezer_mutex => cpu_hotplug_lock
cgroup_file_write() {
freezer_write() {
freezer_change_state() {
mutex_lock(&freezer_mutex);
freezer_apply_state() {
static_branch_inc(&freezer_active) {
static_key_slow_inc() {
cpus_read_lock();
static_key_slow_inc_cpuslocked();
cpus_read_unlock();
}
}
}
mutex_unlock(&freezer_mutex);
}
}
}
Swap locking order by moving cpus_read_lock() in freezer_apply_state()
to before mutex_lock(&freezer_mutex) in freezer_change_state().
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/cgroup/legacy_freezer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3756171b97c307d9df8b8ded1d883eec30172085",
"status": "affected",
"version": "f5d39b020809146cc28e6e73369bf8065e0310aa",
"versionType": "git"
},
{
"lessThan": "34fbb7b45bae20b551dda24337c7761ca13ce69d",
"status": "affected",
"version": "f5d39b020809146cc28e6e73369bf8065e0310aa",
"versionType": "git"
},
{
"lessThan": "57dcd64c7e036299ef526b400a8d12b8a2352f26",
"status": "affected",
"version": "f5d39b020809146cc28e6e73369bf8065e0310aa",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/cgroup/legacy_freezer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"lessThan": "6.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.25",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.*",
"status": "unaffected",
"version": "6.2.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.3",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.25",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2.12",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3",
"versionStartIncluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup,freezer: hold cpu_hotplug_lock before freezer_mutex\n\nsyzbot is reporting circular locking dependency between cpu_hotplug_lock\nand freezer_mutex, for commit f5d39b020809 (\"freezer,sched: Rewrite core\nfreezer logic\") replaced atomic_inc() in freezer_apply_state() with\nstatic_branch_inc() which holds cpu_hotplug_lock.\n\ncpu_hotplug_lock =\u003e cgroup_threadgroup_rwsem =\u003e freezer_mutex\n\n cgroup_file_write() {\n cgroup_procs_write() {\n __cgroup_procs_write() {\n cgroup_procs_write_start() {\n cgroup_attach_lock() {\n cpus_read_lock() {\n percpu_down_read(\u0026cpu_hotplug_lock);\n }\n percpu_down_write(\u0026cgroup_threadgroup_rwsem);\n }\n }\n cgroup_attach_task() {\n cgroup_migrate() {\n cgroup_migrate_execute() {\n freezer_attach() {\n mutex_lock(\u0026freezer_mutex);\n (...snipped...)\n }\n }\n }\n }\n (...snipped...)\n }\n }\n }\n\nfreezer_mutex =\u003e cpu_hotplug_lock\n\n cgroup_file_write() {\n freezer_write() {\n freezer_change_state() {\n mutex_lock(\u0026freezer_mutex);\n freezer_apply_state() {\n static_branch_inc(\u0026freezer_active) {\n static_key_slow_inc() {\n cpus_read_lock();\n static_key_slow_inc_cpuslocked();\n cpus_read_unlock();\n }\n }\n }\n mutex_unlock(\u0026freezer_mutex);\n }\n }\n }\n\nSwap locking order by moving cpus_read_lock() in freezer_apply_state()\nto before mutex_lock(\u0026freezer_mutex) in freezer_change_state()."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T11:46:08.909Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3756171b97c307d9df8b8ded1d883eec30172085"
},
{
"url": "https://git.kernel.org/stable/c/34fbb7b45bae20b551dda24337c7761ca13ce69d"
},
{
"url": "https://git.kernel.org/stable/c/57dcd64c7e036299ef526b400a8d12b8a2352f26"
}
],
"title": "cgroup,freezer: hold cpu_hotplug_lock before freezer_mutex",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53522",
"datePublished": "2025-10-01T11:46:08.909Z",
"dateReserved": "2025-10-01T11:39:39.407Z",
"dateUpdated": "2025-10-01T11:46:08.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-53522\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-10-01T12:15:56.617\",\"lastModified\":\"2025-10-02T19:11:46.753\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ncgroup,freezer: hold cpu_hotplug_lock before freezer_mutex\\n\\nsyzbot is reporting circular locking dependency between cpu_hotplug_lock\\nand freezer_mutex, for commit f5d39b020809 (\\\"freezer,sched: Rewrite core\\nfreezer logic\\\") replaced atomic_inc() in freezer_apply_state() with\\nstatic_branch_inc() which holds cpu_hotplug_lock.\\n\\ncpu_hotplug_lock =\u003e cgroup_threadgroup_rwsem =\u003e freezer_mutex\\n\\n cgroup_file_write() {\\n cgroup_procs_write() {\\n __cgroup_procs_write() {\\n cgroup_procs_write_start() {\\n cgroup_attach_lock() {\\n cpus_read_lock() {\\n percpu_down_read(\u0026cpu_hotplug_lock);\\n }\\n percpu_down_write(\u0026cgroup_threadgroup_rwsem);\\n }\\n }\\n cgroup_attach_task() {\\n cgroup_migrate() {\\n cgroup_migrate_execute() {\\n freezer_attach() {\\n mutex_lock(\u0026freezer_mutex);\\n (...snipped...)\\n }\\n }\\n }\\n }\\n (...snipped...)\\n }\\n }\\n }\\n\\nfreezer_mutex =\u003e cpu_hotplug_lock\\n\\n cgroup_file_write() {\\n freezer_write() {\\n freezer_change_state() {\\n mutex_lock(\u0026freezer_mutex);\\n freezer_apply_state() {\\n static_branch_inc(\u0026freezer_active) {\\n static_key_slow_inc() {\\n cpus_read_lock();\\n static_key_slow_inc_cpuslocked();\\n cpus_read_unlock();\\n }\\n }\\n }\\n mutex_unlock(\u0026freezer_mutex);\\n }\\n }\\n }\\n\\nSwap locking order by moving cpus_read_lock() in freezer_apply_state()\\nto before mutex_lock(\u0026freezer_mutex) in freezer_change_state().\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/34fbb7b45bae20b551dda24337c7761ca13ce69d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/3756171b97c307d9df8b8ded1d883eec30172085\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/57dcd64c7e036299ef526b400a8d12b8a2352f26\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…