{
  "threat_severity" : "Moderate",
  "public_date" : "2025-10-01T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: Linux kernel: Denial of Service in io_uring due to hung task detection",
    "id" : "2400692",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2400692"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-667",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nio_uring: wait interruptibly for request completions on exit\nWHen the ring exits, cleanup is done and the final cancelation and\nwaiting on completions is done by io_ring_exit_work. That function is\ninvoked by kworker, which doesn't take any signals. Because of that, it\ndoesn't really matter if we wait for completions in TASK_INTERRUPTIBLE\nor TASK_UNINTERRUPTIBLE state. However, it does matter to the hung task\ndetection checker!\nNormally we expect cancelations and completions to happen rather\nquickly. Some test cases, however, will exit the ring and park the\nowning task stopped (eg via SIGSTOP). If the owning task needs to run\ntask_work to complete requests, then io_ring_exit_work won't make any\nprogress until the task is runnable again. Hence io_ring_exit_work can\ntrigger the hung task detection, which is particularly problematic if\npanic-on-hung-task is enabled.\nAs the ring exit doesn't take signals to begin with, have it wait\ninterruptibly rather than uninterruptibly. io_uring has a separate\nstuck-exit warning that triggers independently anyway, so we're not\nreally missing anything by making this switch.", "A flaw was identified in the Linux kernel’s io_uring subsystem related to how request completions are handled when an io_uring instance exits. During cleanup, the function io_ring_exit_work was waiting in an uninterruptible state for request completions. Under certain test and signal conditions (e.g., when the owning task is parked via SIGSTOP), this could block making progress on completions and trigger the kernel’s hung task detection mechanism, potentially leading to system instability or panic on systems configured with panic_on_hung_task." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53461\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53461\nhttps://lore.kernel.org/linux-cve-announce/2025100106-CVE-2023-53461-b02b@gregkh/T" ],
  "name" : "CVE-2023-53461",
  "mitigation" : {
    "value" : "To prevent a system panic, administrators can disable the `panic_on_hung_task` kernel parameter. This can be achieved by creating a new sysctl configuration file (e.g., `/etc/sysctl.d/99-disable-hung-task-panic.conf`) with the content `kernel.panic_on_hung_task = 0`. Apply the change using `sysctl -p /etc/sysctl.d/99-disable-hung-task-panic.conf`. This mitigation prevents system panics but does not prevent the hung task condition itself, which may still lead to system instability. A system reboot is required for the change to take full effect.",
    "lang" : "en:us"
  },
  "csaw" : false
}