CVE-2023-53815

Summary

In the Linux kernel, the following vulnerability has been resolved:

posix-timers: Prevent RT livelock in itimer_delete()

itimer_delete() has a retry loop when the timer is concurrently expired. On non-RT kernels this just spin-waits until the timer callback has completed, except for posix CPU timers which have HAVE_POSIX_CPU_TIMERS_TASK_WORK enabled.

In that case and on RT kernels the existing task could live lock when preempting the task which does the timer delivery.

Replace spin_unlock() with an invocation of timer_wait_running() to handle it the same way as the other retry loops in the posix timer code.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxec8f954a40da8cd3d159713b608e901f0cd909a9 < f1be1ed32daa053484222f7f9beb2b16c624dffdaffected
LinuxLinuxec8f954a40da8cd3d159713b608e901f0cd909a9 < 0670c4c567b27bd8f999a943028f4fe60d1a1106affected
LinuxLinuxec8f954a40da8cd3d159713b608e901f0cd909a9 < e7aff15ba29ba4b3052786b1636fa5c4aa39e179affected
LinuxLinuxec8f954a40da8cd3d159713b608e901f0cd909a9 < f9bd298e3e4d3fd6e19f017789a42d0f332cd555affected
LinuxLinuxec8f954a40da8cd3d159713b608e901f0cd909a9 < c1968bb8a28625cc95d2ad3ca872ab98c9c36d59affected
LinuxLinuxec8f954a40da8cd3d159713b608e901f0cd909a9 < 9d9e522010eb5685d8b53e8a24320653d9d4cbbfaffected
LinuxLinux5.4affected
LinuxLinux0 < 5.4unaffected
LinuxLinux5.10.188 <= 5.10.*unaffected
LinuxLinux5.15.121 <= 5.15.*unaffected
LinuxLinux6.1.39 <= 6.1.*unaffected
LinuxLinux6.3.13 <= 6.3.*unaffected
LinuxLinux6.4.4 <= 6.4.*unaffected
LinuxLinux6.5 <= *unaffected

Weaknesses

References