{ "threat_severity" : "Moderate", "public_date" : "2025-10-04T00:00:00Z", "bugzilla" : { "description" : "kernel: rcu-tasks: Avoid pr_info() with spin lock in cblist_init_generic()", "id" : "2401543", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2401543" }, "cvss3" : { "cvss3_base_score" : "4.7", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-1322", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nrcu-tasks: Avoid pr_info() with spin lock in cblist_init_generic()\npr_info() is called with rtp->cbs_gbl_lock spin lock locked. Because\npr_info() calls printk() that might sleep, this will result in BUG\nlike below:\n[ 0.206455] cblist_init_generic: Setting adjustable number of callback queues.\n[ 0.206463]\n[ 0.206464] =============================\n[ 0.206464] [ BUG: Invalid wait context ]\n[ 0.206465] 5.19.0-00428-g9de1f9c8ca51 #5 Not tainted\n[ 0.206466] -----------------------------\n[ 0.206466] swapper/0/1 is trying to lock:\n[ 0.206467] ffffffffa0167a58 (&port_lock_key){....}-{3:3}, at: serial8250_console_write+0x327/0x4a0\n[ 0.206473] other info that might help us debug this:\n[ 0.206473] context-{5:5}\n[ 0.206474] 3 locks held by swapper/0/1:\n[ 0.206474] #0: ffffffff9eb597e0 (rcu_tasks.cbs_gbl_lock){....}-{2:2}, at: cblist_init_generic.constprop.0+0x14/0x1f0\n[ 0.206478] #1: ffffffff9eb579c0 (console_lock){+.+.}-{0:0}, at: _printk+0x63/0x7e\n[ 0.206482] #2: ffffffff9ea77780 (console_owner){....}-{0:0}, at: console_emit_next_record.constprop.0+0x111/0x330\n[ 0.206485] stack backtrace:\n[ 0.206486] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-00428-g9de1f9c8ca51 #5\n[ 0.206488] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-1.fc36 04/01/2014\n[ 0.206489] Call Trace:\n[ 0.206490] \n[ 0.206491] dump_stack_lvl+0x6a/0x9f\n[ 0.206493] __lock_acquire.cold+0x2d7/0x2fe\n[ 0.206496] ? stack_trace_save+0x46/0x70\n[ 0.206497] lock_acquire+0xd1/0x2f0\n[ 0.206499] ? serial8250_console_write+0x327/0x4a0\n[ 0.206500] ? __lock_acquire+0x5c7/0x2720\n[ 0.206502] _raw_spin_lock_irqsave+0x3d/0x90\n[ 0.206504] ? serial8250_console_write+0x327/0x4a0\n[ 0.206506] serial8250_console_write+0x327/0x4a0\n[ 0.206508] console_emit_next_record.constprop.0+0x180/0x330\n[ 0.206511] console_unlock+0xf7/0x1f0\n[ 0.206512] vprintk_emit+0xf7/0x330\n[ 0.206514] _printk+0x63/0x7e\n[ 0.206516] cblist_init_generic.constprop.0.cold+0x24/0x32\n[ 0.206518] rcu_init_tasks_generic+0x5/0xd9\n[ 0.206522] kernel_init_freeable+0x15b/0x2a2\n[ 0.206523] ? rest_init+0x160/0x160\n[ 0.206526] kernel_init+0x11/0x120\n[ 0.206527] ret_from_fork+0x1f/0x30\n[ 0.206530] \n[ 0.207018] cblist_init_generic: Setting shift to 1 and lim to 1.\nThis patch moves pr_info() so that it is called without\nrtp->cbs_gbl_lock locked.", "A locking violation was found in the Linux kernel RCU-tasks subsystem's callback list initialization. During system boot, the initialization code calls pr_info() while holding the rtp->cbs_gbl_lock spinlock, causing a potentially sleeping function to be called in atomic context, which results in kernel lockdep warnings and potential deadlock leading to denial of service." ], "statement" : "The issue arises because cblist_init_generic() calls pr_info() while holding the rtp->cbs_gbl_lock spinlock. The pr_info() function calls printk(), which may sleep because it acquires the console_lock and can block waiting for console output. Calling a potentially sleeping function while holding a spinlock violates kernel locking rules and can lead to deadlock. During RCU-tasks initialization at boot time, if lockdep is enabled, the kernel detects this violation and emits an \"Invalid wait context\" warning showing the problematic lock chain. While this primarily manifests as warnings with lockdep enabled, the underlying locking violation could lead to actual deadlocks in production systems under the right timing conditions.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-11-12T00:00:00Z", "advisory" : "RHSA-2024:9315", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-503.11.1.el9_5" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-11-12T00:00:00Z", "advisory" : "RHSA-2024:9315", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-503.11.1.el9_5" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2025-07-28T00:00:00Z", "advisory" : "RHSA-2025:11810", "cpe" : "cpe:/a:redhat:rhel_eus:9.4", "package" : "kernel-0:5.14.0-427.79.1.el9_4" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53558\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53558\nhttps://lore.kernel.org/linux-cve-announce/2025100449-CVE-2023-53558-e6f7@gregkh/T" ], "name" : "CVE-2023-53558", "csaw" : false }