ghsa-q98w-vcm8-j2qw
Vulnerability from github
In the Linux kernel, the following vulnerability has been resolved:
arm64: efi: Make efi_rt_lock a raw_spinlock
Running a rt-kernel base on 6.2.0-rc3-rt1 on an Ampere Altra outputs the following: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 9, name: kworker/u320:0 preempt_count: 2, expected: 0 RCU nest depth: 0, expected: 0 3 locks held by kworker/u320:0/9: #0: ffff3fff8c27d128 ((wq_completion)efi_rts_wq){+.+.}-{0:0}, at: process_one_work (./include/linux/atomic/atomic-long.h:41) #1: ffff80000861bdd0 ((work_completion)(&efi_rts_work.work)){+.+.}-{0:0}, at: process_one_work (./include/linux/atomic/atomic-long.h:41) #2: ffffdf7e1ed3e460 (efi_rt_lock){+.+.}-{3:3}, at: efi_call_rts (drivers/firmware/efi/runtime-wrappers.c:101) Preemption disabled at: efi_virtmap_load (./arch/arm64/include/asm/mmu_context.h:248) CPU: 0 PID: 9 Comm: kworker/u320:0 Tainted: G W 6.2.0-rc3-rt1 Hardware name: WIWYNN Mt.Jade Server System B81.03001.0005/Mt.Jade Motherboard, BIOS 1.08.20220218 (SCP: 1.08.20220218) 2022/02/18 Workqueue: efi_rts_wq efi_call_rts Call trace: dump_backtrace (arch/arm64/kernel/stacktrace.c:158) show_stack (arch/arm64/kernel/stacktrace.c:165) dump_stack_lvl (lib/dump_stack.c:107 (discriminator 4)) dump_stack (lib/dump_stack.c:114) __might_resched (kernel/sched/core.c:10134) rt_spin_lock (kernel/locking/rtmutex.c:1769 (discriminator 4)) efi_call_rts (drivers/firmware/efi/runtime-wrappers.c:101) [...]
This seems to come from commit ff7a167961d1 ("arm64: efi: Execute runtime services from a dedicated stack") which adds a spinlock. This spinlock is taken through: efi_call_rts() -efi_call_virt() -efi_call_virt_pointer() -arch_efi_call_virt_setup()
Make 'efi_rt_lock' a raw_spinlock to avoid being preempted.
[ardb: The EFI runtime services are called with a different set of translation tables, and are permitted to use the SIMD registers. The context switch code preserves/restores neither, and so EFI calls must be made with preemption disabled, rather than only disabling migration.]
{
"affected": [],
"aliases": [
"CVE-2023-53216"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-15T15:15:48Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: efi: Make efi_rt_lock a raw_spinlock\n\nRunning a rt-kernel base on 6.2.0-rc3-rt1 on an Ampere Altra outputs\nthe following:\n BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 9, name: kworker/u320:0\n preempt_count: 2, expected: 0\n RCU nest depth: 0, expected: 0\n 3 locks held by kworker/u320:0/9:\n #0: ffff3fff8c27d128 ((wq_completion)efi_rts_wq){+.+.}-{0:0}, at: process_one_work (./include/linux/atomic/atomic-long.h:41)\n #1: ffff80000861bdd0 ((work_completion)(\u0026efi_rts_work.work)){+.+.}-{0:0}, at: process_one_work (./include/linux/atomic/atomic-long.h:41)\n #2: ffffdf7e1ed3e460 (efi_rt_lock){+.+.}-{3:3}, at: efi_call_rts (drivers/firmware/efi/runtime-wrappers.c:101)\n Preemption disabled at:\n efi_virtmap_load (./arch/arm64/include/asm/mmu_context.h:248)\n CPU: 0 PID: 9 Comm: kworker/u320:0 Tainted: G W 6.2.0-rc3-rt1\n Hardware name: WIWYNN Mt.Jade Server System B81.03001.0005/Mt.Jade Motherboard, BIOS 1.08.20220218 (SCP: 1.08.20220218) 2022/02/18\n Workqueue: efi_rts_wq efi_call_rts\n Call trace:\n dump_backtrace (arch/arm64/kernel/stacktrace.c:158)\n show_stack (arch/arm64/kernel/stacktrace.c:165)\n dump_stack_lvl (lib/dump_stack.c:107 (discriminator 4))\n dump_stack (lib/dump_stack.c:114)\n __might_resched (kernel/sched/core.c:10134)\n rt_spin_lock (kernel/locking/rtmutex.c:1769 (discriminator 4))\n efi_call_rts (drivers/firmware/efi/runtime-wrappers.c:101)\n [...]\n\nThis seems to come from commit ff7a167961d1 (\"arm64: efi: Execute\nruntime services from a dedicated stack\") which adds a spinlock. This\nspinlock is taken through:\nefi_call_rts()\n\\-efi_call_virt()\n \\-efi_call_virt_pointer()\n \\-arch_efi_call_virt_setup()\n\nMake \u0027efi_rt_lock\u0027 a raw_spinlock to avoid being preempted.\n\n[ardb: The EFI runtime services are called with a different set of\n translation tables, and are permitted to use the SIMD registers.\n The context switch code preserves/restores neither, and so EFI\n calls must be made with preemption disabled, rather than only\n disabling migration.]",
"id": "GHSA-q98w-vcm8-j2qw",
"modified": "2025-09-15T15:31:28Z",
"published": "2025-09-15T15:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53216"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/030b1c4217a4f504c7d0795a2bd86b7181e56f11"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0e68b5517d3767562889f1d83fdb828c26adb24f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4e8f7d998b582a99aadedd07ae6086e99b89c97a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6a72729ed6accc86dad5522895e8fa2f96642a2c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8b38969fa01662ec539a0d08a8ea5ec6f31fa4ed"
}
],
"schema_version": "1.4.0",
"severity": []
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.