{
  "threat_severity" : "Moderate",
  "public_date" : "2025-05-02T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: iavf: fix hang on reboot with ice",
    "id" : "2363754",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2363754"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-354",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\niavf: fix hang on reboot with ice\nWhen a system with E810 with existing VFs gets rebooted the following\nhang may be observed.\nPid 1 is hung in iavf_remove(), part of a network driver:\nPID: 1        TASK: ffff965400e5a340  CPU: 24   COMMAND: \"systemd-shutdow\"\n#0 [ffffaad04005fa50] __schedule at ffffffff8b3239cb\n#1 [ffffaad04005fae8] schedule at ffffffff8b323e2d\n#2 [ffffaad04005fb00] schedule_hrtimeout_range_clock at ffffffff8b32cebc\n#3 [ffffaad04005fb80] usleep_range_state at ffffffff8b32c930\n#4 [ffffaad04005fbb0] iavf_remove at ffffffffc12b9b4c [iavf]\n#5 [ffffaad04005fbf0] pci_device_remove at ffffffff8add7513\n#6 [ffffaad04005fc10] device_release_driver_internal at ffffffff8af08baa\n#7 [ffffaad04005fc40] pci_stop_bus_device at ffffffff8adcc5fc\n#8 [ffffaad04005fc60] pci_stop_and_remove_bus_device at ffffffff8adcc81e\n#9 [ffffaad04005fc70] pci_iov_remove_virtfn at ffffffff8adf9429\n#10 [ffffaad04005fca8] sriov_disable at ffffffff8adf98e4\n#11 [ffffaad04005fcc8] ice_free_vfs at ffffffffc04bb2c8 [ice]\n#12 [ffffaad04005fd10] ice_remove at ffffffffc04778fe [ice]\n#13 [ffffaad04005fd38] ice_shutdown at ffffffffc0477946 [ice]\n#14 [ffffaad04005fd50] pci_device_shutdown at ffffffff8add58f1\n#15 [ffffaad04005fd70] device_shutdown at ffffffff8af05386\n#16 [ffffaad04005fd98] kernel_restart at ffffffff8a92a870\n#17 [ffffaad04005fda8] __do_sys_reboot at ffffffff8a92abd6\n#18 [ffffaad04005fee0] do_syscall_64 at ffffffff8b317159\n#19 [ffffaad04005ff08] __context_tracking_enter at ffffffff8b31b6fc\n#20 [ffffaad04005ff18] syscall_exit_to_user_mode at ffffffff8b31b50d\n#21 [ffffaad04005ff28] do_syscall_64 at ffffffff8b317169\n#22 [ffffaad04005ff50] entry_SYSCALL_64_after_hwframe at ffffffff8b40009b\nRIP: 00007f1baa5c13d7  RSP: 00007fffbcc55a98  RFLAGS: 00000202\nRAX: ffffffffffffffda  RBX: 0000000000000000  RCX: 00007f1baa5c13d7\nRDX: 0000000001234567  RSI: 0000000028121969  RDI: 00000000fee1dead\nRBP: 00007fffbcc55ca0   R8: 0000000000000000   R9: 00007fffbcc54e90\nR10: 00007fffbcc55050  R11: 0000000000000202  R12: 0000000000000005\nR13: 0000000000000000  R14: 00007fffbcc55af0  R15: 0000000000000000\nORIG_RAX: 00000000000000a9  CS: 0033  SS: 002b\nDuring reboot all drivers PM shutdown callbacks are invoked.\nIn iavf_shutdown() the adapter state is changed to __IAVF_REMOVE.\nIn ice_shutdown() the call chain above is executed, which at some point\ncalls iavf_remove(). However iavf_remove() expects the VF to be in one\nof the states __IAVF_RUNNING, __IAVF_DOWN or __IAVF_INIT_FAILED. If\nthat's not the case it sleeps forever.\nSo if iavf_shutdown() gets invoked before iavf_remove() the system will\nhang indefinitely because the adapter is already in state __IAVF_REMOVE.\nFix this by returning from iavf_remove() if the state is __IAVF_REMOVE,\nas we already went through iavf_shutdown()." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-05-16T00:00:00Z",
    "advisory" : "RHSA-2023:2951",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-477.10.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53064\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53064\nhttps://lore.kernel.org/linux-cve-announce/2025050211-CVE-2023-53064-fe53@gregkh/T" ],
  "name" : "CVE-2023-53064",
  "csaw" : false
}