DEBIAN-CVE-2023-53522
- Source
- https://security-tracker.debian.org/tracker/CVE-2023-53522
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53522.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2023-53522
- Upstream
- Published
- 2025-10-01T12:15:56.617Z
- Modified
- 2025-11-19T01:06:26.646151Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: cgroup,freezer: hold cpuhotpluglock before freezermutex syzbot is reporting circular locking dependency between cpuhotpluglock and freezermutex, for commit f5d39b020809 ("freezer,sched: Rewrite core freezer logic") replaced atomicinc() in freezerapplystate() with staticbranchinc() which holds cpuhotpluglock. cpuhotpluglock => cgroupthreadgrouprwsem => freezermutex cgroupfilewrite() { cgroupprocswrite() { _cgroupprocswrite() { cgroupprocswritestart() { cgroupattachlock() { cpusreadlock() { percpudownread(&cpuhotpluglock); } percpudownwrite(&cgroupthreadgrouprwsem); } } cgroupattachtask() { cgroupmigrate() { cgroupmigrateexecute() { freezerattach() { mutexlock(&freezermutex); (...snipped...) } } } } (...snipped...) } } } freezermutex => cpuhotpluglock cgroupfilewrite() { freezerwrite() { freezerchangestate() { mutexlock(&freezermutex); freezerapplystate() { staticbranchinc(&freezeractive) { statickeyslowinc() { cpusreadlock(); statickeyslowinccpuslocked(); cpusreadunlock(); } } } mutexunlock(&freezermutex); } } } Swap locking order by moving cpusreadlock() in freezerapplystate() to before mutexlock(&freezermutex) in freezerchangestate().
- References
Affected packages
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source