CVE-2023-53501

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-53501
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53501.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-53501
Downstream
Related
Published
2025-10-01T11:45:52.204Z
Modified
2026-04-02T09:44:23.153172Z
Summary
iommu/amd/iommu_v2: Fix pasid_state refcount dec hit 0 warning on pasid unbind
Details

In the Linux kernel, the following vulnerability has been resolved:

iommu/amd/iommuv2: Fix pasidstate refcount dec hit 0 warning on pasid unbind

When unbinding pasid - a race condition exists vs outstanding page faults.

To prevent this, the pasid_state object contains a refcount. * set to 1 on pasid bind * incremented on each ppr notification start * decremented on each ppr notification done * decremented on pasid unbind

Since refcountdec assumes that refcount will never reach 0: the current implementation causes the following to be invoked on pasid unbind: REFCOUNTWARN("decrement hit 0; leaking memory")

Fix this issue by changing refcountdec to refcountdecandtest to explicitly handle refcount=1.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53501.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8bc54824da4e8fcf0ed679cf09ac32f23d83254a
Fixed
a50d60b8f2aff46dd7c7edb4a5835cdc4d432c22
Fixed
13ed255248dfbbb7f23f9170c7a537fb9ca22c73
Fixed
9ccc51be3126b25cfe9351dbffde946c925cc28a
Fixed
98d86bf32187db27946ca817c2467a5f2f7aa02f
Fixed
534103bcd52ca9c1fecbc70e717b4a538dc4ded8

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53501.json"