fkie_cve-2023-53655
Vulnerability from fkie_nvd
Published
2025-10-07 16:15
Modified
2025-10-08 19:38
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: rcu: Avoid stack overflow due to __rcu_irq_enter_check_tick() being kprobe-ed Registering a kprobe on __rcu_irq_enter_check_tick() can cause kernel stack overflow as shown below. This issue can be reproduced by enabling CONFIG_NO_HZ_FULL and booting the kernel with argument "nohz_full=", and then giving the following commands at the shell prompt: # cd /sys/kernel/tracing/ # echo 'p:mp1 __rcu_irq_enter_check_tick' >> kprobe_events # echo 1 > events/kprobes/enable This commit therefore adds __rcu_irq_enter_check_tick() to the kprobes blacklist using NOKPROBE_SYMBOL(). Insufficient stack space to handle exception! ESR: 0x00000000f2000004 -- BRK (AArch64) FAR: 0x0000ffffccf3e510 Task stack: [0xffff80000ad30000..0xffff80000ad38000] IRQ stack: [0xffff800008050000..0xffff800008058000] Overflow stack: [0xffff089c36f9f310..0xffff089c36fa0310] CPU: 5 PID: 190 Comm: bash Not tainted 6.2.0-rc2-00320-g1f5abbd77e2c #19 Hardware name: linux,dummy-virt (DT) pstate: 400003c5 (nZcv DAIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __rcu_irq_enter_check_tick+0x0/0x1b8 lr : ct_nmi_enter+0x11c/0x138 sp : ffff80000ad30080 x29: ffff80000ad30080 x28: ffff089c82e20000 x27: 0000000000000000 x26: 0000000000000000 x25: ffff089c02a8d100 x24: 0000000000000000 x23: 00000000400003c5 x22: 0000ffffccf3e510 x21: ffff089c36fae148 x20: ffff80000ad30120 x19: ffffa8da8fcce148 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: ffffa8da8e44ea6c x14: ffffa8da8e44e968 x13: ffffa8da8e03136c x12: 1fffe113804d6809 x11: ffff6113804d6809 x10: 0000000000000a60 x9 : dfff800000000000 x8 : ffff089c026b404f x7 : 00009eec7fb297f7 x6 : 0000000000000001 x5 : ffff80000ad30120 x4 : dfff800000000000 x3 : ffffa8da8e3016f4 x2 : 0000000000000003 x1 : 0000000000000000 x0 : 0000000000000000 Kernel panic - not syncing: kernel stack overflow CPU: 5 PID: 190 Comm: bash Not tainted 6.2.0-rc2-00320-g1f5abbd77e2c #19 Hardware name: linux,dummy-virt (DT) Call trace: dump_backtrace+0xf8/0x108 show_stack+0x20/0x30 dump_stack_lvl+0x68/0x84 dump_stack+0x1c/0x38 panic+0x214/0x404 add_taint+0x0/0xf8 panic_bad_stack+0x144/0x160 handle_bad_stack+0x38/0x58 __bad_stack+0x78/0x7c __rcu_irq_enter_check_tick+0x0/0x1b8 arm64_enter_el1_dbg.isra.0+0x14/0x20 el1_dbg+0x2c/0x90 el1h_64_sync_handler+0xcc/0xe8 el1h_64_sync+0x64/0x68 __rcu_irq_enter_check_tick+0x0/0x1b8 arm64_enter_el1_dbg.isra.0+0x14/0x20 el1_dbg+0x2c/0x90 el1h_64_sync_handler+0xcc/0xe8 el1h_64_sync+0x64/0x68 __rcu_irq_enter_check_tick+0x0/0x1b8 arm64_enter_el1_dbg.isra.0+0x14/0x20 el1_dbg+0x2c/0x90 el1h_64_sync_handler+0xcc/0xe8 el1h_64_sync+0x64/0x68 __rcu_irq_enter_check_tick+0x0/0x1b8 [...] el1_dbg+0x2c/0x90 el1h_64_sync_handler+0xcc/0xe8 el1h_64_sync+0x64/0x68 __rcu_irq_enter_check_tick+0x0/0x1b8 arm64_enter_el1_dbg.isra.0+0x14/0x20 el1_dbg+0x2c/0x90 el1h_64_sync_handler+0xcc/0xe8 el1h_64_sync+0x64/0x68 __rcu_irq_enter_check_tick+0x0/0x1b8 arm64_enter_el1_dbg.isra.0+0x14/0x20 el1_dbg+0x2c/0x90 el1h_64_sync_handler+0xcc/0xe8 el1h_64_sync+0x64/0x68 __rcu_irq_enter_check_tick+0x0/0x1b8 el1_interrupt+0x28/0x60 el1h_64_irq_handler+0x18/0x28 el1h_64_irq+0x64/0x68 __ftrace_set_clr_event_nolock+0x98/0x198 __ftrace_set_clr_event+0x58/0x80 system_enable_write+0x144/0x178 vfs_write+0x174/0x738 ksys_write+0xd0/0x188 __arm64_sys_write+0x4c/0x60 invoke_syscall+0x64/0x180 el0_svc_common.constprop.0+0x84/0x160 do_el0_svc+0x48/0xe8 el0_svc+0x34/0xd0 el0t_64_sync_handler+0xb8/0xc0 el0t_64_sync+0x190/0x194 SMP: stopping secondary CPUs Kernel Offset: 0x28da86000000 from 0xffff800008000000 PHYS_OFFSET: 0xfffff76600000000 CPU features: 0x00000,01a00100,0000421b Memory Limit: none
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4c3d1a6720aefb02403ddfebe85db521d3af2c3b
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7a29fb4a4771124bc61de397dbfc1554dbbcc19c
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7b5a97333e920b69356e097f185bdc51d61e66ee
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/93b6295f677d96b73cfcb703532f6c7369a60d96
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c8a3341b339285495cf7c8d061d659465f2311e0
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/eb18bc5a8678f431c500e6da1b8b5f34478d5bc1
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu: Avoid stack overflow due to __rcu_irq_enter_check_tick() being kprobe-ed\n\nRegistering a kprobe on __rcu_irq_enter_check_tick() can cause kernel\nstack overflow as shown below. This issue can be reproduced by enabling\nCONFIG_NO_HZ_FULL and booting the kernel with argument \"nohz_full=\",\nand then giving the following commands at the shell prompt:\n\n  # cd /sys/kernel/tracing/\n  # echo \u0027p:mp1 __rcu_irq_enter_check_tick\u0027 \u003e\u003e kprobe_events\n  # echo 1 \u003e events/kprobes/enable\n\nThis commit therefore adds __rcu_irq_enter_check_tick() to the kprobes\nblacklist using NOKPROBE_SYMBOL().\n\nInsufficient stack space to handle exception!\nESR: 0x00000000f2000004 -- BRK (AArch64)\nFAR: 0x0000ffffccf3e510\nTask stack:     [0xffff80000ad30000..0xffff80000ad38000]\nIRQ stack:      [0xffff800008050000..0xffff800008058000]\nOverflow stack: [0xffff089c36f9f310..0xffff089c36fa0310]\nCPU: 5 PID: 190 Comm: bash Not tainted 6.2.0-rc2-00320-g1f5abbd77e2c #19\nHardware name: linux,dummy-virt (DT)\npstate: 400003c5 (nZcv DAIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : __rcu_irq_enter_check_tick+0x0/0x1b8\nlr : ct_nmi_enter+0x11c/0x138\nsp : ffff80000ad30080\nx29: ffff80000ad30080 x28: ffff089c82e20000 x27: 0000000000000000\nx26: 0000000000000000 x25: ffff089c02a8d100 x24: 0000000000000000\nx23: 00000000400003c5 x22: 0000ffffccf3e510 x21: ffff089c36fae148\nx20: ffff80000ad30120 x19: ffffa8da8fcce148 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: ffffa8da8e44ea6c\nx14: ffffa8da8e44e968 x13: ffffa8da8e03136c x12: 1fffe113804d6809\nx11: ffff6113804d6809 x10: 0000000000000a60 x9 : dfff800000000000\nx8 : ffff089c026b404f x7 : 00009eec7fb297f7 x6 : 0000000000000001\nx5 : ffff80000ad30120 x4 : dfff800000000000 x3 : ffffa8da8e3016f4\nx2 : 0000000000000003 x1 : 0000000000000000 x0 : 0000000000000000\nKernel panic - not syncing: kernel stack overflow\nCPU: 5 PID: 190 Comm: bash Not tainted 6.2.0-rc2-00320-g1f5abbd77e2c #19\nHardware name: linux,dummy-virt (DT)\nCall trace:\n dump_backtrace+0xf8/0x108\n show_stack+0x20/0x30\n dump_stack_lvl+0x68/0x84\n dump_stack+0x1c/0x38\n panic+0x214/0x404\n add_taint+0x0/0xf8\n panic_bad_stack+0x144/0x160\n handle_bad_stack+0x38/0x58\n __bad_stack+0x78/0x7c\n __rcu_irq_enter_check_tick+0x0/0x1b8\n arm64_enter_el1_dbg.isra.0+0x14/0x20\n el1_dbg+0x2c/0x90\n el1h_64_sync_handler+0xcc/0xe8\n el1h_64_sync+0x64/0x68\n __rcu_irq_enter_check_tick+0x0/0x1b8\n arm64_enter_el1_dbg.isra.0+0x14/0x20\n el1_dbg+0x2c/0x90\n el1h_64_sync_handler+0xcc/0xe8\n el1h_64_sync+0x64/0x68\n __rcu_irq_enter_check_tick+0x0/0x1b8\n arm64_enter_el1_dbg.isra.0+0x14/0x20\n el1_dbg+0x2c/0x90\n el1h_64_sync_handler+0xcc/0xe8\n el1h_64_sync+0x64/0x68\n __rcu_irq_enter_check_tick+0x0/0x1b8\n [...]\n el1_dbg+0x2c/0x90\n el1h_64_sync_handler+0xcc/0xe8\n el1h_64_sync+0x64/0x68\n __rcu_irq_enter_check_tick+0x0/0x1b8\n arm64_enter_el1_dbg.isra.0+0x14/0x20\n el1_dbg+0x2c/0x90\n el1h_64_sync_handler+0xcc/0xe8\n el1h_64_sync+0x64/0x68\n __rcu_irq_enter_check_tick+0x0/0x1b8\n arm64_enter_el1_dbg.isra.0+0x14/0x20\n el1_dbg+0x2c/0x90\n el1h_64_sync_handler+0xcc/0xe8\n el1h_64_sync+0x64/0x68\n __rcu_irq_enter_check_tick+0x0/0x1b8\n el1_interrupt+0x28/0x60\n el1h_64_irq_handler+0x18/0x28\n el1h_64_irq+0x64/0x68\n __ftrace_set_clr_event_nolock+0x98/0x198\n __ftrace_set_clr_event+0x58/0x80\n system_enable_write+0x144/0x178\n vfs_write+0x174/0x738\n ksys_write+0xd0/0x188\n __arm64_sys_write+0x4c/0x60\n invoke_syscall+0x64/0x180\n el0_svc_common.constprop.0+0x84/0x160\n do_el0_svc+0x48/0xe8\n el0_svc+0x34/0xd0\n el0t_64_sync_handler+0xb8/0xc0\n el0t_64_sync+0x190/0x194\nSMP: stopping secondary CPUs\nKernel Offset: 0x28da86000000 from 0xffff800008000000\nPHYS_OFFSET: 0xfffff76600000000\nCPU features: 0x00000,01a00100,0000421b\nMemory Limit: none"
    }
  ],
  "id": "CVE-2023-53655",
  "lastModified": "2025-10-08T19:38:09.863",
  "metrics": {},
  "published": "2025-10-07T16:15:49.090",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/4c3d1a6720aefb02403ddfebe85db521d3af2c3b"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/7a29fb4a4771124bc61de397dbfc1554dbbcc19c"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/7b5a97333e920b69356e097f185bdc51d61e66ee"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/93b6295f677d96b73cfcb703532f6c7369a60d96"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/c8a3341b339285495cf7c8d061d659465f2311e0"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/eb18bc5a8678f431c500e6da1b8b5f34478d5bc1"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.