fkie_cve-2023-53522
Vulnerability from fkie_nvd
Published
2025-10-01 12:15
Modified
2025-10-02 19:11
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
cgroup,freezer: hold cpu_hotplug_lock before freezer_mutex
syzbot is reporting circular locking dependency between cpu_hotplug_lock
and freezer_mutex, for commit f5d39b020809 ("freezer,sched: Rewrite core
freezer logic") replaced atomic_inc() in freezer_apply_state() with
static_branch_inc() which holds cpu_hotplug_lock.
cpu_hotplug_lock => cgroup_threadgroup_rwsem => freezer_mutex
cgroup_file_write() {
cgroup_procs_write() {
__cgroup_procs_write() {
cgroup_procs_write_start() {
cgroup_attach_lock() {
cpus_read_lock() {
percpu_down_read(&cpu_hotplug_lock);
}
percpu_down_write(&cgroup_threadgroup_rwsem);
}
}
cgroup_attach_task() {
cgroup_migrate() {
cgroup_migrate_execute() {
freezer_attach() {
mutex_lock(&freezer_mutex);
(...snipped...)
}
}
}
}
(...snipped...)
}
}
}
freezer_mutex => cpu_hotplug_lock
cgroup_file_write() {
freezer_write() {
freezer_change_state() {
mutex_lock(&freezer_mutex);
freezer_apply_state() {
static_branch_inc(&freezer_active) {
static_key_slow_inc() {
cpus_read_lock();
static_key_slow_inc_cpuslocked();
cpus_read_unlock();
}
}
}
mutex_unlock(&freezer_mutex);
}
}
}
Swap locking order by moving cpus_read_lock() in freezer_apply_state()
to before mutex_lock(&freezer_mutex) in freezer_change_state().
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup,freezer: hold cpu_hotplug_lock before freezer_mutex\n\nsyzbot is reporting circular locking dependency between cpu_hotplug_lock\nand freezer_mutex, for commit f5d39b020809 (\"freezer,sched: Rewrite core\nfreezer logic\") replaced atomic_inc() in freezer_apply_state() with\nstatic_branch_inc() which holds cpu_hotplug_lock.\n\ncpu_hotplug_lock =\u003e cgroup_threadgroup_rwsem =\u003e freezer_mutex\n\n cgroup_file_write() {\n cgroup_procs_write() {\n __cgroup_procs_write() {\n cgroup_procs_write_start() {\n cgroup_attach_lock() {\n cpus_read_lock() {\n percpu_down_read(\u0026cpu_hotplug_lock);\n }\n percpu_down_write(\u0026cgroup_threadgroup_rwsem);\n }\n }\n cgroup_attach_task() {\n cgroup_migrate() {\n cgroup_migrate_execute() {\n freezer_attach() {\n mutex_lock(\u0026freezer_mutex);\n (...snipped...)\n }\n }\n }\n }\n (...snipped...)\n }\n }\n }\n\nfreezer_mutex =\u003e cpu_hotplug_lock\n\n cgroup_file_write() {\n freezer_write() {\n freezer_change_state() {\n mutex_lock(\u0026freezer_mutex);\n freezer_apply_state() {\n static_branch_inc(\u0026freezer_active) {\n static_key_slow_inc() {\n cpus_read_lock();\n static_key_slow_inc_cpuslocked();\n cpus_read_unlock();\n }\n }\n }\n mutex_unlock(\u0026freezer_mutex);\n }\n }\n }\n\nSwap locking order by moving cpus_read_lock() in freezer_apply_state()\nto before mutex_lock(\u0026freezer_mutex) in freezer_change_state()."
}
],
"id": "CVE-2023-53522",
"lastModified": "2025-10-02T19:11:46.753",
"metrics": {},
"published": "2025-10-01T12:15:56.617",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/34fbb7b45bae20b551dda24337c7761ca13ce69d"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/3756171b97c307d9df8b8ded1d883eec30172085"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/57dcd64c7e036299ef526b400a8d12b8a2352f26"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Awaiting Analysis"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…