CVE-2023-54283

EUVD-2023-60521

30.12.2025, 13:16

In the Linux kernel, the following vulnerability has been resolved:

bpf: Address KCSAN report on bpf_lru_list

KCSAN reported a data-race when accessing node->ref.
Although node->ref does not have to be accurate,
take this chance to use a more common READ_ONCE() and WRITE_ONCE()
pattern instead of data_race().

There is an existing bpf_lru_node_is_ref() and bpf_lru_node_set_ref().
This patch also adds bpf_lru_node_clear_ref() to do the
WRITE_ONCE(node->ref, 0) also.

==================================================================
BUG: KCSAN: data-race in __bpf_lru_list_rotate / __htab_lru_percpu_map_update_elem

write to 0xffff888137038deb of 1 bytes by task 11240 on cpu 1:
__bpf_lru_node_move kernel/bpf/bpf_lru_list.c:113 [inline]
__bpf_lru_list_rotate_active kernel/bpf/bpf_lru_list.c:149 [inline]
__bpf_lru_list_rotate+0x1bf/0x750 kernel/bpf/bpf_lru_list.c:240
bpf_lru_list_pop_free_to_local kernel/bpf/bpf_lru_list.c:329 [inline]
bpf_common_lru_pop_free kernel/bpf/bpf_lru_list.c:447 [inline]
bpf_lru_pop_free+0x638/0xe20 kernel/bpf/bpf_lru_list.c:499
prealloc_lru_pop kernel/bpf/hashtab.c:290 [inline]
__htab_lru_percpu_map_update_elem+0xe7/0x820 kernel/bpf/hashtab.c:1316
bpf_percpu_hash_update+0x5e/0x90 kernel/bpf/hashtab.c:2313
bpf_map_update_value+0x2a9/0x370 kernel/bpf/syscall.c:200
generic_map_update_batch+0x3ae/0x4f0 kernel/bpf/syscall.c:1687
bpf_map_do_batch+0x2d9/0x3d0 kernel/bpf/syscall.c:4534
__sys_bpf+0x338/0x810
__do_sys_bpf kernel/bpf/syscall.c:5096 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5094 [inline]
__x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5094
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd

read to 0xffff888137038deb of 1 bytes by task 11241 on cpu 0:
bpf_lru_node_set_ref kernel/bpf/bpf_lru_list.h:70 [inline]
__htab_lru_percpu_map_update_elem+0x2f1/0x820 kernel/bpf/hashtab.c:1332
bpf_percpu_hash_update+0x5e/0x90 kernel/bpf/hashtab.c:2313
bpf_map_update_value+0x2a9/0x370 kernel/bpf/syscall.c:200
generic_map_update_batch+0x3ae/0x4f0 kernel/bpf/syscall.c:1687
bpf_map_do_batch+0x2d9/0x3d0 kernel/bpf/syscall.c:4534
__sys_bpf+0x338/0x810
__do_sys_bpf kernel/bpf/syscall.c:5096 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5094 [inline]
__x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5094
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd

value changed: 0x01 -> 0x00

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 11241 Comm: syz-executor.3 Not tainted 6.3.0-rc7-syzkaller-00136-g6a66fdd29ea1 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
==================================================================

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 14%

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.148-1 fixed
bookworm (security)	6.1.158-1 fixed
bullseye	5.10.223-1 fixed
bullseye (security)	5.10.247-1 fixed
forky	6.17.13-1 fixed
sid	6.17.13-1 fixed
trixie	6.12.57-1 fixed
trixie (security)	6.12.48-1 fixed

openSUSE / SLES Releases

openSUSE Product

Release

cluster-md-kmp-default

suse enterprise server 15 SP6

6.4.0-150600.23.84.1

fixed

dlm-kmp-default

suse enterprise server 15 SP6

6.4.0-150600.23.84.1

fixed

gfs2-kmp-default

suse enterprise server 15 SP6

6.4.0-150600.23.84.1

fixed

kernel-64kb

suse enterprise desktop 15 SP7	6.4.0-150700.53.28.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.28.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.84.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.28.1 fixed

kernel-azure

suse enterprise sap 15 SP7	6.4.0-150700.20.24.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.20.24.1 fixed

kernel-default

suse enterprise desktop 15 SP7	6.4.0-150700.53.28.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.28.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.84.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.28.1 fixed

kernel-default-base

suse enterprise desktop 15 SP7	6.4.0-150700.53.28.1.150700.17.19.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.28.1.150700.17.19.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.84.1.150600.12.38.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.28.1.150700.17.19.1 fixed

kernel-docs

suse enterprise desktop 15 SP7	6.4.0-150700.53.28.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.28.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.84.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.28.1 fixed

kernel-macros

suse enterprise desktop 15 SP7	6.4.0-150700.53.28.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.28.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.84.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.28.1 fixed

kernel-obs-build

suse enterprise desktop 15 SP7	6.4.0-150700.53.28.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.28.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.84.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.28.1 fixed

kernel-source

suse enterprise desktop 15 SP7	6.4.0-150700.53.28.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.28.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.84.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.28.1 fixed

kernel-source-azure

suse enterprise sap 15 SP7	6.4.0-150700.20.24.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.20.24.1 fixed

kernel-syms

suse enterprise desktop 15 SP7	6.4.0-150700.53.28.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.28.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.84.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.28.1 fixed

kernel-syms-azure

suse enterprise sap 15 SP7	6.4.0-150700.20.24.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.20.24.1 fixed

kernel-zfcpdump

suse enterprise desktop 15 SP7	6.4.0-150700.53.28.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.28.1 fixed
suse enterprise server 15 SP6	6.4.0-150600.23.84.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.28.1 fixed

ocfs2-kmp-default

suse enterprise server 15 SP6

6.4.0-150600.23.84.1

fixed

reiserfs-kmp-default

suse enterprise server 15 SP6

6.4.0-150600.23.84.1

fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

bpftool

RHEL 9

0:7.3.0-427.13.1.el9_4

fixed

kernel

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-64k

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-64k-core

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-64k-debug

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-64k-debug-core

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-64k-debug-devel

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-64k-debug-devel-matched

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-64k-debug-modules

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-64k-debug-modules-core

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-64k-debug-modules-extra

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-64k-devel

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-64k-devel-matched

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-64k-modules

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-64k-modules-core

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-64k-modules-extra

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-abi-stablelists

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-core

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-debug

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-debug-core

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-debug-devel

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-debug-devel-matched

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-debug-modules

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-debug-modules-core

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-debug-modules-extra

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-debug-uki-virt

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-devel

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-devel-matched

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-doc

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-modules

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-modules-core

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-modules-extra

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-rt

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-rt-core

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-rt-debug

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-rt-debug-core

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-rt-debug-devel

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-rt-debug-kvm

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-rt-debug-modules

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-rt-debug-modules-core

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-rt-debug-modules-extra

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-rt-devel

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-rt-kvm

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-rt-modules

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-rt-modules-core

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-rt-modules-extra

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-tools

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-tools-libs

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-tools-libs-devel

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-uki-virt

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-zfcpdump

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-zfcpdump-core

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-zfcpdump-devel

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-zfcpdump-devel-matched

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-zfcpdump-modules

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-zfcpdump-modules-core

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-zfcpdump-modules-extra

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

libperf

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

perf

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

python3-perf

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

rtla

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

References

https://git.kernel.org/stable/c/6e5e83b56f50fbd1c8f7dca7df7d72c67be25571

https://git.kernel.org/stable/c/6eaef1b1d8720053eb1b6e7a3ff8b2ff0716bb90

https://git.kernel.org/stable/c/819ca25444b377935faa2dbb0aa3547519b5c80f

https://git.kernel.org/stable/c/a89d14410ea0352420f03cddc67e0002dcc8f9a5

https://git.kernel.org/stable/c/b6d9a4062c944ad095b34dc112bf646a84156f60

https://git.kernel.org/stable/c/c006fe361cfd947f51a56793deddf891e5cbfef8

https://git.kernel.org/stable/c/e09a285ea1e859d4cc6cb689d8d5d7c1f7c7c0d5

https://git.kernel.org/stable/c/ee9fd0ac3017c4313be91a220a9ac4c99dde7ad4