DEBIAN-CVE-2023-53590
- Source
- https://security-tracker.debian.org/tracker/CVE-2023-53590
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53590.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2023-53590
- Upstream
- Published
- 2025-10-04T16:15:55.437Z
- Modified
- 2026-04-28T20:27:04.770840Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: sctp: add a refcnt in sctpstreampriorities to avoid a nested loop With this refcnt added in sctpstreampriorities, we don't need to traverse all streams to check if the prio is used by other streams when freeing one stream's prio in sctpschedpriofreesid(). This can avoid a nested loop (up to 65535 * 65535), which may cause a stuck as Ying reported: watchdog: BUG: soft lockup - CPU#23 stuck for 26s! [ksoftirqd/23:136] Call Trace: <TASK> sctpschedpriofreesid+0xab/0x100 [sctp] sctpstreamfreeext+0x64/0xa0 [sctp] sctpstreamfree+0x31/0x50 [sctp] sctpassociationfree+0xa5/0x200 [sctp] Note that it doesn't need to use refcountt type for this counter, as its accessing is always protected under the sock lock. v1->v2: - add a check in sctpschedprioset to avoid the possible priohead refcnt overflow.
- References
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.10.178-1
Affected versions
5.*
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source