DEBIAN-CVE-2023-54303
- Source
- https://security-tracker.debian.org/tracker/CVE-2023-54303
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54303.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2023-54303
- Upstream
- Published
- 2025-12-30T13:16:19.437Z
- Modified
- 2025-12-31T11:10:39.997766Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: bpf: Disable preemption in bpfperfeventoutput The nesting protection in bpfperfeventoutput relies on disabled preemption, which is guaranteed for kprobes and tracepoints. However bpfperfeventoutput can be also called from uprobes context through bpfprogrunarraysleepable function which disables migration, but keeps preemption enabled. This can cause task to be preempted by another one inside the nesting protection and lead eventually to two tasks using same perfsampledata buffer and cause crashes like: kernel tried to execute NX-protected page - exploit attempt? (uid: 0) BUG: unable to handle page fault for address: ffffffff82be3eea ... Call Trace: ? _die+0x1f/0x70 ? pagefaultoops+0x176/0x4d0 ? excpagefault+0x132/0x230 ? asmexcpagefault+0x22/0x30 ? perfoutputsample+0x12b/0x910 ? perfeventoutput+0xd0/0x1d0 ? bpfperfeventoutput+0x162/0x1d0 ? bpfprogc6271286d9a4c938krava1+0x76/0x87 ? _uprobeperffunc+0x12b/0x540 ? uprobedispatcher+0x2c4/0x430 ? uprobenotifyresume+0x2da/0xce0 ? atomicnotifiercallchain+0x7b/0x110 ? exittousermodeprepare+0x13e/0x290 ? irqentryexittousermode+0x5/0x30 ? asmexcint3+0x35/0x40 Fixing this by disabling preemption in bpfperfevent_output.
- References
Affected packages
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.1.52-1
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source