CVE-2023-54071 (GCVE-0-2023-54071)
Vulnerability from cvelistv5
Published
2025-12-24 12:23
Modified
2025-12-24 12:23
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw88: use work to update rate to avoid RCU warning
The ieee80211_ops::sta_rc_update must be atomic, because
ieee80211_chan_bw_change() holds rcu_read lock while calling
drv_sta_rc_update(), so create a work to do original things.
Voluntary context switch within RCU read-side critical section!
WARNING: CPU: 0 PID: 4621 at kernel/rcu/tree_plugin.h:318
rcu_note_context_switch+0x571/0x5d0
CPU: 0 PID: 4621 Comm: kworker/u16:2 Tainted: G W OE
Workqueue: phy3 ieee80211_chswitch_work [mac80211]
RIP: 0010:rcu_note_context_switch+0x571/0x5d0
Call Trace:
<TASK>
__schedule+0xb0/0x1460
? __mod_timer+0x116/0x360
schedule+0x5a/0xc0
schedule_timeout+0x87/0x150
? trace_raw_output_tick_stop+0x60/0x60
wait_for_completion_timeout+0x7b/0x140
usb_start_wait_urb+0x82/0x160 [usbcore
usb_control_msg+0xe3/0x140 [usbcore
rtw_usb_read+0x88/0xe0 [rtw_usb
rtw_usb_read8+0xf/0x10 [rtw_usb
rtw_fw_send_h2c_command+0xa0/0x170 [rtw_core
rtw_fw_send_ra_info+0xc9/0xf0 [rtw_core
drv_sta_rc_update+0x7c/0x160 [mac80211
ieee80211_chan_bw_change+0xfb/0x110 [mac80211
ieee80211_change_chanctx+0x38/0x130 [mac80211
ieee80211_vif_use_reserved_switch+0x34e/0x900 [mac80211
ieee80211_link_use_reserved_context+0x88/0xe0 [mac80211
ieee80211_chswitch_work+0x95/0x170 [mac80211
process_one_work+0x201/0x410
worker_thread+0x4a/0x3b0
? process_one_work+0x410/0x410
kthread+0xe1/0x110
? kthread_complete_and_exit+0x20/0x20
ret_from_fork+0x1f/0x30
</TASK>
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/realtek/rtw88/mac80211.c",
"drivers/net/wireless/realtek/rtw88/main.c",
"drivers/net/wireless/realtek/rtw88/main.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "107677a8f43521e33e4a653e50fdf55ba622a4ce",
"status": "affected",
"version": "c1edc86472fc3a5aa3b5c5c53c4e20f6a24992a6",
"versionType": "git"
},
{
"lessThan": "dd3af22323e79a2ffabed366db20aab83716fe6f",
"status": "affected",
"version": "c1edc86472fc3a5aa3b5c5c53c4e20f6a24992a6",
"versionType": "git"
},
{
"lessThan": "bcafcb959a57a6890e900199690c5fc47da1a304",
"status": "affected",
"version": "c1edc86472fc3a5aa3b5c5c53c4e20f6a24992a6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/realtek/rtw88/mac80211.c",
"drivers/net/wireless/realtek/rtw88/main.c",
"drivers/net/wireless/realtek/rtw88/main.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.19"
},
{
"lessThan": "5.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.*",
"status": "unaffected",
"version": "6.3.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.4",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.30",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3.4",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4",
"versionStartIncluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: use work to update rate to avoid RCU warning\n\nThe ieee80211_ops::sta_rc_update must be atomic, because\nieee80211_chan_bw_change() holds rcu_read lock while calling\ndrv_sta_rc_update(), so create a work to do original things.\n\n Voluntary context switch within RCU read-side critical section!\n WARNING: CPU: 0 PID: 4621 at kernel/rcu/tree_plugin.h:318\n rcu_note_context_switch+0x571/0x5d0\n CPU: 0 PID: 4621 Comm: kworker/u16:2 Tainted: G W OE\n Workqueue: phy3 ieee80211_chswitch_work [mac80211]\n RIP: 0010:rcu_note_context_switch+0x571/0x5d0\n Call Trace:\n \u003cTASK\u003e\n __schedule+0xb0/0x1460\n ? __mod_timer+0x116/0x360\n schedule+0x5a/0xc0\n schedule_timeout+0x87/0x150\n ? trace_raw_output_tick_stop+0x60/0x60\n wait_for_completion_timeout+0x7b/0x140\n usb_start_wait_urb+0x82/0x160 [usbcore\n usb_control_msg+0xe3/0x140 [usbcore\n rtw_usb_read+0x88/0xe0 [rtw_usb\n rtw_usb_read8+0xf/0x10 [rtw_usb\n rtw_fw_send_h2c_command+0xa0/0x170 [rtw_core\n rtw_fw_send_ra_info+0xc9/0xf0 [rtw_core\n drv_sta_rc_update+0x7c/0x160 [mac80211\n ieee80211_chan_bw_change+0xfb/0x110 [mac80211\n ieee80211_change_chanctx+0x38/0x130 [mac80211\n ieee80211_vif_use_reserved_switch+0x34e/0x900 [mac80211\n ieee80211_link_use_reserved_context+0x88/0xe0 [mac80211\n ieee80211_chswitch_work+0x95/0x170 [mac80211\n process_one_work+0x201/0x410\n worker_thread+0x4a/0x3b0\n ? process_one_work+0x410/0x410\n kthread+0xe1/0x110\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x1f/0x30\n \u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T12:23:14.874Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/107677a8f43521e33e4a653e50fdf55ba622a4ce"
},
{
"url": "https://git.kernel.org/stable/c/dd3af22323e79a2ffabed366db20aab83716fe6f"
},
{
"url": "https://git.kernel.org/stable/c/bcafcb959a57a6890e900199690c5fc47da1a304"
}
],
"title": "wifi: rtw88: use work to update rate to avoid RCU warning",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-54071",
"datePublished": "2025-12-24T12:23:14.874Z",
"dateReserved": "2025-12-24T12:21:05.093Z",
"dateUpdated": "2025-12-24T12:23:14.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-54071\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-24T13:16:08.950\",\"lastModified\":\"2025-12-24T13:16:08.950\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nwifi: rtw88: use work to update rate to avoid RCU warning\\n\\nThe ieee80211_ops::sta_rc_update must be atomic, because\\nieee80211_chan_bw_change() holds rcu_read lock while calling\\ndrv_sta_rc_update(), so create a work to do original things.\\n\\n Voluntary context switch within RCU read-side critical section!\\n WARNING: CPU: 0 PID: 4621 at kernel/rcu/tree_plugin.h:318\\n rcu_note_context_switch+0x571/0x5d0\\n CPU: 0 PID: 4621 Comm: kworker/u16:2 Tainted: G W OE\\n Workqueue: phy3 ieee80211_chswitch_work [mac80211]\\n RIP: 0010:rcu_note_context_switch+0x571/0x5d0\\n Call Trace:\\n \u003cTASK\u003e\\n __schedule+0xb0/0x1460\\n ? __mod_timer+0x116/0x360\\n schedule+0x5a/0xc0\\n schedule_timeout+0x87/0x150\\n ? trace_raw_output_tick_stop+0x60/0x60\\n wait_for_completion_timeout+0x7b/0x140\\n usb_start_wait_urb+0x82/0x160 [usbcore\\n usb_control_msg+0xe3/0x140 [usbcore\\n rtw_usb_read+0x88/0xe0 [rtw_usb\\n rtw_usb_read8+0xf/0x10 [rtw_usb\\n rtw_fw_send_h2c_command+0xa0/0x170 [rtw_core\\n rtw_fw_send_ra_info+0xc9/0xf0 [rtw_core\\n drv_sta_rc_update+0x7c/0x160 [mac80211\\n ieee80211_chan_bw_change+0xfb/0x110 [mac80211\\n ieee80211_change_chanctx+0x38/0x130 [mac80211\\n ieee80211_vif_use_reserved_switch+0x34e/0x900 [mac80211\\n ieee80211_link_use_reserved_context+0x88/0xe0 [mac80211\\n ieee80211_chswitch_work+0x95/0x170 [mac80211\\n process_one_work+0x201/0x410\\n worker_thread+0x4a/0x3b0\\n ? process_one_work+0x410/0x410\\n kthread+0xe1/0x110\\n ? kthread_complete_and_exit+0x20/0x20\\n ret_from_fork+0x1f/0x30\\n \u003c/TASK\u003e\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/107677a8f43521e33e4a653e50fdf55ba622a4ce\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/bcafcb959a57a6890e900199690c5fc47da1a304\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/dd3af22323e79a2ffabed366db20aab83716fe6f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…