CVE-2023-53401

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-53401
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53401.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-53401
Downstream
Related
Published
2025-09-18T13:33:41Z
Modified
2025-10-21T17:01:53.332857Z
Summary
mm: kmem: fix a NULL pointer dereference in obj_stock_flush_required()
Details

In the Linux kernel, the following vulnerability has been resolved:

mm: kmem: fix a NULL pointer dereference in obj_stock_flush_required()

KCSAN found an issue in obj_stock_flush_required(): stock->cached_objcg can be reset between the check and dereference:

==================================================================
BUG: KCSAN: data-race in drain_all_stock / drain_obj_stock

write to 0xffff888237c2a2f8 of 8 bytes by task 19625 on cpu 0:
 drain_obj_stock+0x408/0x4e0 mm/memcontrol.c:3306
 refill_obj_stock+0x9c/0x1e0 mm/memcontrol.c:3340
 obj_cgroup_uncharge+0xe/0x10 mm/memcontrol.c:3408
 memcg_slab_free_hook mm/slab.h:587 [inline]
 __cache_free mm/slab.c:3373 [inline]
 __do_kmem_cache_free mm/slab.c:3577 [inline]
 kmem_cache_free+0x105/0x280 mm/slab.c:3602
 __d_free fs/dcache.c:298 [inline]
 dentry_free fs/dcache.c:375 [inline]
 __dentry_kill+0x422/0x4a0 fs/dcache.c:621
 dentry_kill+0x8d/0x1e0
 dput+0x118/0x1f0 fs/dcache.c:913
 __fput+0x3bf/0x570 fs/file_table.c:329
 ____fput+0x15/0x20 fs/file_table.c:349
 task_work_run+0x123/0x160 kernel/task_work.c:179
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop+0xcf/0xe0 kernel/entry/common.c:171
 exit_to_user_mode_prepare+0x6a/0xa0 kernel/entry/common.c:203
 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
 syscall_exit_to_user_mode+0x26/0x140 kernel/entry/common.c:296
 do_syscall_64+0x4d/0xc0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

read to 0xffff888237c2a2f8 of 8 bytes by task 19632 on cpu 1:
 obj_stock_flush_required mm/memcontrol.c:3319 [inline]
 drain_all_stock+0x174/0x2a0 mm/memcontrol.c:2361
 try_charge_memcg+0x6d0/0xd10 mm/memcontrol.c:2703
 try_charge mm/memcontrol.c:2837 [inline]
 mem_cgroup_charge_skmem+0x51/0x140 mm/memcontrol.c:7290
 sock_reserve_memory+0xb1/0x390 net/core/sock.c:1025
 sk_setsockopt+0x800/0x1e70 net/core/sock.c:1525
 udp_lib_setsockopt+0x99/0x6c0 net/ipv4/udp.c:2692
 udp_setsockopt+0x73/0xa0 net/ipv4/udp.c:2817
 sock_common_setsockopt+0x61/0x70 net/core/sock.c:3668
 __sys_setsockopt+0x1c3/0x230 net/socket.c:2271
 __do_sys_setsockopt net/socket.c:2282 [inline]
 __se_sys_setsockopt net/socket.c:2279 [inline]
 __x64_sys_setsockopt+0x66/0x80 net/socket.c:2279
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

value changed: 0xffff8881382d52c0 -> 0xffff888138893740

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 19632 Comm: syz-executor.0 Not tainted 6.3.0-rc2-syzkaller-00387-g534293368afa #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023

Fix it by using READ_ONCE()/WRITE_ONCE() for all accesses to stock->cached_objcg.
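
A user-space model of the check-then-dereference race described above, added here as an illustration and not taken from the kernel patch. The struct layouts, `memcg_id`, `remote_drain`, the `window` hook and the result codes are assumptions, and `READ_ONCE`/`WRITE_ONCE` are simplified volatile-cast stand-ins for the kernel macros; the object is kept alive for the whole call, so lifetime is outside what the model shows.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for the kernel macros (assumption: one volatile
 * access is enough to model "exactly one load/store, no re-read"). */
#define READ_ONCE(x)     (*(const volatile __typeof__(x) *)&(x))
#define WRITE_ONCE(x, v) (*(volatile __typeof__(x) *)&(x) = (v))

struct objcg { int memcg_id; };                /* hypothetical stand-in */
struct stock { struct objcg *cached_objcg; };  /* models the per-CPU stock */

enum result { WOULD_DEREF_NULL = -1, NO_FLUSH = 0, FLUSH = 1 };

/* Models the other CPU resetting the cached pointer (the writer side). */
static void remote_drain(struct stock *s)
{
    WRITE_ONCE(s->cached_objcg, NULL);
}

/* Pre-fix shape: the field is loaded once for the check and again for the
 * use. `window` (may be NULL) runs between the two loads to place the
 * concurrent writer deterministically. */
static enum result flush_required_racy(struct stock *s, int root_id,
                                       void (*window)(struct stock *))
{
    if (s->cached_objcg) {                     /* load 1: the check */
        if (window)
            window(s);
        struct objcg *o = s->cached_objcg;     /* load 2: the use */
        if (!o)
            return WOULD_DEREF_NULL;           /* the kernel would fault here */
        return o->memcg_id == root_id ? FLUSH : NO_FLUSH;
    }
    return NO_FLUSH;
}

/* Post-fix shape: one READ_ONCE() snapshot feeds both check and use, so a
 * writer in the same window cannot turn a passed check into a NULL use. */
static enum result flush_required_fixed(struct stock *s, int root_id,
                                        void (*window)(struct stock *))
{
    struct objcg *o = READ_ONCE(s->cached_objcg);  /* the only load */

    if (o) {
        if (window)
            window(s);
        return o->memcg_id == root_id ? FLUSH : NO_FLUSH;
    }
    return NO_FLUSH;
}

/* Constructed scenario: pointer is set, then optionally reset in the window. */
static enum result run_case(int fixed, int with_writer)
{
    struct objcg o = { .memcg_id = 7 };
    struct stock s = { .cached_objcg = &o };
    void (*w)(struct stock *) = with_writer ? remote_drain : NULL;

    return fixed ? flush_required_fixed(&s, 7, w)
                 : flush_required_racy(&s, 7, w);
}

int main(void)
{
    printf("racy, writer in window:  %d\n", run_case(0, 1));
    printf("fixed, writer in window: %d\n", run_case(1, 1));
    return 0;
}
```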

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
bf4f059954dcb221384b2f784677e19a13cd4bdb
Fixed
33d9490b27e5d8da4444aefd714a4f50189db978
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
bf4f059954dcb221384b2f784677e19a13cd4bdb
Fixed
33391c7e1a2ad612bf3922cc168cb09a46bbe236
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
bf4f059954dcb221384b2f784677e19a13cd4bdb
Fixed
3b8abb3239530c423c0b97e42af7f7e856e1ee96

Affected versions

v5.*

v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8

v6.*

v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.5
v6.1.6
v6.1.7
v6.1.8
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.4.1
v6.4.2
v6.4.3
v6.4.4
v6.4.5
v6.4.6
v6.4.7
v6.4.8
v6.4.9

Database specific

vanir_signatures


Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.9.0
Fixed
6.1.45
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.4.10