fkie_cve-2023-53501
Vulnerability from fkie_nvd
Published
2025-10-01 12:15
Modified
2025-10-02 19:11
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: iommu/amd/iommu_v2: Fix pasid_state refcount dec hit 0 warning on pasid unbind When unbinding pasid - a race condition exists vs outstanding page faults. To prevent this, the pasid_state object contains a refcount. * set to 1 on pasid bind * incremented on each ppr notification start * decremented on each ppr notification done * decremented on pasid unbind Since refcount_dec assumes that refcount will never reach 0: the current implementation causes the following to be invoked on pasid unbind: REFCOUNT_WARN("decrement hit 0; leaking memory") Fix this issue by changing refcount_dec to refcount_dec_and_test to explicitly handle refcount=1.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/13ed255248dfbbb7f23f9170c7a537fb9ca22c73
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/534103bcd52ca9c1fecbc70e717b4a538dc4ded8
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/98d86bf32187db27946ca817c2467a5f2f7aa02f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/9ccc51be3126b25cfe9351dbffde946c925cc28a
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a50d60b8f2aff46dd7c7edb4a5835cdc4d432c22
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/amd/iommu_v2: Fix pasid_state refcount dec hit 0 warning on pasid unbind\n\nWhen unbinding pasid - a race condition exists vs outstanding page faults.\n\nTo prevent this, the pasid_state object contains a refcount.\n    * set to 1 on pasid bind\n    * incremented on each ppr notification start\n    * decremented on each ppr notification done\n    * decremented on pasid unbind\n\nSince refcount_dec assumes that refcount will never reach 0:\n  the current implementation causes the following to be invoked on\n  pasid unbind:\n        REFCOUNT_WARN(\"decrement hit 0; leaking memory\")\n\nFix this issue by changing refcount_dec to refcount_dec_and_test\nto explicitly handle refcount=1."
    }
  ],
  "id": "CVE-2023-53501",
  "lastModified": "2025-10-02T19:11:46.753",
  "metrics": {},
  "published": "2025-10-01T12:15:53.640",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/13ed255248dfbbb7f23f9170c7a537fb9ca22c73"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/534103bcd52ca9c1fecbc70e717b4a538dc4ded8"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/98d86bf32187db27946ca817c2467a5f2f7aa02f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/9ccc51be3126b25cfe9351dbffde946c925cc28a"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/a50d60b8f2aff46dd7c7edb4a5835cdc4d432c22"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.