CVE-2023-53216
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-53216
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53216.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-53216
- Downstream
- Related
- Published
- 2025-09-15T14:21:43Z
- Modified
- 2025-10-21T16:25:31.034125Z
- Summary
- arm64: efi: Make efi_rt_lock a raw_spinlock
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
arm64: efi: Make efirtlock a raw_spinlock
Running a rt-kernel base on 6.2.0-rc3-rt1 on an Ampere Altra outputs the following: BUG: sleeping function called from invalid context at kernel/locking/spinlockrt.c:46 inatomic(): 1, irqsdisabled(): 0, nonblock: 0, pid: 9, name: kworker/u320:0 preemptcount: 2, expected: 0 RCU nest depth: 0, expected: 0 3 locks held by kworker/u320:0/9: #0: ffff3fff8c27d128 ((wqcompletion)efirtswq){+.+.}-{0:0}, at: processonework (./include/linux/atomic/atomic-long.h:41) #1: ffff80000861bdd0 ((workcompletion)(&efirtswork.work)){+.+.}-{0:0}, at: processonework (./include/linux/atomic/atomic-long.h:41) #2: ffffdf7e1ed3e460 (efirtlock){+.+.}-{3:3}, at: eficallrts (drivers/firmware/efi/runtime-wrappers.c:101) Preemption disabled at: efivirtmapload (./arch/arm64/include/asm/mmucontext.h:248) CPU: 0 PID: 9 Comm: kworker/u320:0 Tainted: G W 6.2.0-rc3-rt1 Hardware name: WIWYNN Mt.Jade Server System B81.03001.0005/Mt.Jade Motherboard, BIOS 1.08.20220218 (SCP: 1.08.20220218) 2022/02/18 Workqueue: efirtswq eficallrts Call trace: dumpbacktrace (arch/arm64/kernel/stacktrace.c:158) showstack (arch/arm64/kernel/stacktrace.c:165) dumpstacklvl (lib/dumpstack.c:107 (discriminator 4)) dumpstack (lib/dumpstack.c:114) _mightresched (kernel/sched/core.c:10134) rtspinlock (kernel/locking/rtmutex.c:1769 (discriminator 4)) eficall_rts (drivers/firmware/efi/runtime-wrappers.c:101) [...]
This seems to come from commit ff7a167961d1 ("arm64: efi: Execute runtime services from a dedicated stack") which adds a spinlock. This spinlock is taken through: eficallrts() -eficallvirt() -eficallvirtpointer() -archeficallvirt_setup()
Make 'efirtlock' a raw_spinlock to avoid being preempted.
[ardb: The EFI runtime services are called with a different set of translation tables, and are permitted to use the SIMD registers. The context switch code preserves/restores neither, and so EFI calls must be made with preemption disabled, rather than only disabling migration.]
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/030b1c4217a4f504c7d0795a2bd86b7181e56f11
- https://git.kernel.org/stable/c/0e68b5517d3767562889f1d83fdb828c26adb24f
- https://git.kernel.org/stable/c/4e8f7d998b582a99aadedd07ae6086e99b89c97a
- https://git.kernel.org/stable/c/6a72729ed6accc86dad5522895e8fa2f96642a2c
- https://git.kernel.org/stable/c/8b38969fa01662ec539a0d08a8ea5ec6f31fa4ed
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced4012603cbd469223f225637d265a233f034c567aFixed030b1c4217a4f504c7d0795a2bd86b7181e56f11
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedde2af657cab92afc13a4ccd8780370481ed0eb61Fixed6a72729ed6accc86dad5522895e8fa2f96642a2c
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedf75a91c82dc805af8f718ff106ec9c090234b37bFixed8b38969fa01662ec539a0d08a8ea5ec6f31fa4ed
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedff7a167961d1b97e0e205f245f806e564d3505e7Fixed4e8f7d998b582a99aadedd07ae6086e99b89c97a
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedff7a167961d1b97e0e205f245f806e564d3505e7Fixed0e68b5517d3767562889f1d83fdb828c26adb24f
Affected versions
v5.*
v5.10.165
v5.10.166
v5.10.167
v5.10.168
v5.10.169
v5.10.170
v5.10.171
v5.10.172
v5.10.173
v5.10.174
v5.15.100
v5.15.101
v5.15.102
v5.15.90
v5.15.91
v5.15.92
v5.15.93
v5.15.94
v5.15.95
v5.15.96
v5.15.97
v5.15.98
v5.15.99
v6.*
v6.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.8
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.2.1
v6.2.2
v6.2.3
v6.2.4
Database specific
vanir_signatures
[
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0e68b5517d3767562889f1d83fdb828c26adb24f",
"target": {
"file": "arch/arm64/kernel/efi.c"
},
"digest": {
"line_hashes": [
"3164134378820229876195299753388669497",
"247174944811988138214071165613159476939",
"71794023494825226876793321093558220657",
"58071543736126066971073138304942716479"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2023-53216-199edf6a",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8b38969fa01662ec539a0d08a8ea5ec6f31fa4ed",
"target": {
"file": "arch/arm64/include/asm/efi.h"
},
"digest": {
"line_hashes": [
"256552524490730138421110852455538223745",
"219624843499466222697725939606904913685",
"34905451722413886486018963581267491055",
"227124220219961117124404790412079361250",
"73125217189263694741660215036985730660",
"169105344910847147909030955757436576654",
"75132193588040701490681215894780602136",
"100289112281229929873169678297029895564",
"86300948228610935384675949438256519472",
"218152731130853348285077566938425405518",
"185411956342793423282729880962803050093",
"284348473383997086179751563322068304162"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2023-53216-1e961b3e",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4e8f7d998b582a99aadedd07ae6086e99b89c97a",
"target": {
"file": "arch/arm64/include/asm/efi.h"
},
"digest": {
"line_hashes": [
"256552524490730138421110852455538223745",
"219624843499466222697725939606904913685",
"34905451722413886486018963581267491055",
"227124220219961117124404790412079361250",
"73125217189263694741660215036985730660",
"169105344910847147909030955757436576654",
"75132193588040701490681215894780602136",
"100289112281229929873169678297029895564",
"86300948228610935384675949438256519472",
"218152731130853348285077566938425405518",
"185411956342793423282729880962803050093",
"284348473383997086179751563322068304162"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2023-53216-261519f5",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4e8f7d998b582a99aadedd07ae6086e99b89c97a",
"target": {
"file": "arch/arm64/kernel/efi.c"
},
"digest": {
"line_hashes": [
"3164134378820229876195299753388669497",
"247174944811988138214071165613159476939",
"71794023494825226876793321093558220657",
"58071543736126066971073138304942716479"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2023-53216-2a37760f",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6a72729ed6accc86dad5522895e8fa2f96642a2c",
"target": {
"file": "arch/arm64/include/asm/efi.h"
},
"digest": {
"line_hashes": [
"256552524490730138421110852455538223745",
"219624843499466222697725939606904913685",
"155074803210586928682803303938042251468",
"236355369352201047192250443517525744572",
"156907724165523947524160810534542946448",
"69235913408524544276356157803982491916",
"75132193588040701490681215894780602136",
"100289112281229929873169678297029895564",
"86300948228610935384675949438256519472",
"2751689595188619749209278097643041424",
"128300897471990427750636149915832545911",
"305302452077782509352948909863297229943"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2023-53216-6974fff6",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8b38969fa01662ec539a0d08a8ea5ec6f31fa4ed",
"target": {
"file": "arch/arm64/kernel/efi.c"
},
"digest": {
"line_hashes": [
"3164134378820229876195299753388669497",
"247174944811988138214071165613159476939",
"71794023494825226876793321093558220657",
"58071543736126066971073138304942716479"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2023-53216-6d2c5a0e",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@030b1c4217a4f504c7d0795a2bd86b7181e56f11",
"target": {
"file": "arch/arm64/kernel/efi.c"
},
"digest": {
"line_hashes": [
"3164134378820229876195299753388669497",
"247174944811988138214071165613159476939",
"199221849217110810979351771046944512878",
"336625154553384229755237706355336473215"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2023-53216-820447d2",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6a72729ed6accc86dad5522895e8fa2f96642a2c",
"target": {
"file": "arch/arm64/kernel/efi.c"
},
"digest": {
"line_hashes": [
"3164134378820229876195299753388669497",
"247174944811988138214071165613159476939",
"199221849217110810979351771046944512878",
"336625154553384229755237706355336473215"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2023-53216-d4c38f6c",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0e68b5517d3767562889f1d83fdb828c26adb24f",
"target": {
"file": "arch/arm64/include/asm/efi.h"
},
"digest": {
"line_hashes": [
"256552524490730138421110852455538223745",
"219624843499466222697725939606904913685",
"34905451722413886486018963581267491055",
"227124220219961117124404790412079361250",
"73125217189263694741660215036985730660",
"169105344910847147909030955757436576654",
"75132193588040701490681215894780602136",
"100289112281229929873169678297029895564",
"86300948228610935384675949438256519472",
"2751689595188619749209278097643041424",
"128300897471990427750636149915832545911",
"305302452077782509352948909863297229943"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2023-53216-d8320b66",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@030b1c4217a4f504c7d0795a2bd86b7181e56f11",
"target": {
"file": "arch/arm64/include/asm/efi.h"
},
"digest": {
"line_hashes": [
"256552524490730138421110852455538223745",
"219624843499466222697725939606904913685",
"155074803210586928682803303938042251468",
"236355369352201047192250443517525744572",
"156907724165523947524160810534542946448",
"69235913408524544276356157803982491916",
"75132193588040701490681215894780602136",
"100289112281229929873169678297029895564",
"86300948228610935384675949438256519472",
"2751689595188619749209278097643041424",
"128300897471990427750636149915832545911",
"305302452077782509352948909863297229943"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2023-53216-faacb2e3",
"signature_version": "v1"
}
]
Linux / Kernel
Package
- Name
- Kernel