DEBIAN-CVE-2023-54283

Source
https://security-tracker.debian.org/tracker/CVE-2023-54283
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54283.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2023-54283
Upstream
Published
2025-12-30T13:16:17.287Z
Modified
2025-12-31T11:10:37.501246Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

bpf: Address KCSAN report on bpf_lru_list

KCSAN reported a data-race when accessing node->ref. Although node->ref does not have to be accurate, take this chance to use a more common READ_ONCE() and WRITE_ONCE() pattern instead of data_race().

There is an existing bpf_lru_node_is_ref() and bpf_lru_node_set_ref(). This patch also adds bpf_lru_node_clear_ref() to do the WRITE_ONCE(node->ref, 0) also.

==================================================================
BUG: KCSAN: data-race in __bpf_lru_list_rotate / __htab_lru_percpu_map_update_elem

write to 0xffff888137038deb of 1 bytes by task 11240 on cpu 1:
 __bpf_lru_node_move kernel/bpf/bpf_lru_list.c:113 [inline]
 __bpf_lru_list_rotate_active kernel/bpf/bpf_lru_list.c:149 [inline]
 __bpf_lru_list_rotate+0x1bf/0x750 kernel/bpf/bpf_lru_list.c:240
 bpf_lru_list_pop_free_to_local kernel/bpf/bpf_lru_list.c:329 [inline]
 bpf_common_lru_pop_free kernel/bpf/bpf_lru_list.c:447 [inline]
 bpf_lru_pop_free+0x638/0xe20 kernel/bpf/bpf_lru_list.c:499
 prealloc_lru_pop kernel/bpf/hashtab.c:290 [inline]
 __htab_lru_percpu_map_update_elem+0xe7/0x820 kernel/bpf/hashtab.c:1316
 bpf_percpu_hash_update+0x5e/0x90 kernel/bpf/hashtab.c:2313
 bpf_map_update_value+0x2a9/0x370 kernel/bpf/syscall.c:200
 generic_map_update_batch+0x3ae/0x4f0 kernel/bpf/syscall.c:1687
 bpf_map_do_batch+0x2d9/0x3d0 kernel/bpf/syscall.c:4534
 __sys_bpf+0x338/0x810
 __do_sys_bpf kernel/bpf/syscall.c:5096 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5094 [inline]
 __x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5094
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

read to 0xffff888137038deb of 1 bytes by task 11241 on cpu 0:
 bpf_lru_node_set_ref kernel/bpf/bpf_lru_list.h:70 [inline]
 __htab_lru_percpu_map_update_elem+0x2f1/0x820 kernel/bpf/hashtab.c:1332
 bpf_percpu_hash_update+0x5e/0x90 kernel/bpf/hashtab.c:2313
 bpf_map_update_value+0x2a9/0x370 kernel/bpf/syscall.c:200
 generic_map_update_batch+0x3ae/0x4f0 kernel/bpf/syscall.c:1687
 bpf_map_do_batch+0x2d9/0x3d0 kernel/bpf/syscall.c:4534
 __sys_bpf+0x338/0x810
 __do_sys_bpf kernel/bpf/syscall.c:5096 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5094 [inline]
 __x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5094
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

value changed: 0x01 -> 0x00

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 11241 Comm: syz-executor.3 Not tainted 6.3.0-rc7-syzkaller-00136-g6a66fdd29ea1 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
==================================================================

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.10.191-1

Affected versions

5.*
5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1
5.10.92-1
5.10.92-2
5.10.103-1~bpo10+1
5.10.103-1
5.10.106-1
5.10.113-1
5.10.120-1~bpo10+1
5.10.120-1
5.10.127-1
5.10.127-2~bpo10+1
5.10.127-2
5.10.136-1
5.10.140-1
5.10.148-1
5.10.149-1
5.10.149-2
5.10.158-1
5.10.158-2
5.10.162-1
5.10.178-1
5.10.178-2
5.10.178-3
5.10.179-1
5.10.179-2
5.10.179-3
5.10.179-4
5.10.179-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54283.json"

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.1.52-1

Affected versions

6.*
6.1.27-1
6.1.37-1
6.1.38-1
6.1.38-2~bpo11+1
6.1.38-2
6.1.38-3
6.1.38-4~bpo11+1
6.1.38-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54283.json"

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.4.11-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54283.json"

Debian:14 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.4.11-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54283.json"