{
  "threat_severity" : "Low",
  "public_date" : "2025-10-04T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: cpufreq: amd-pstate-ut: Fix kernel panic when loading the driver",
    "id" : "2401571",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2401571"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-911",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ncpufreq: amd-pstate-ut: Fix kernel panic when loading the driver\nAfter loading the amd-pstate-ut driver, amd_pstate_ut_check_perf()\nand amd_pstate_ut_check_freq() use cpufreq_cpu_get() to get the policy\nof the CPU and mark it as busy.\nIn these functions, cpufreq_cpu_put() should be used to release the\npolicy, but it is not, so any other entity trying to access the policy\nis blocked indefinitely.\nOne such scenario is when amd_pstate mode is changed, leading to the\nfollowing splat:\n[ 1332.103727] INFO: task bash:2929 blocked for more than 120 seconds.\n[ 1332.110001]       Not tainted 6.5.0-rc2-amd-pstate-ut #5\n[ 1332.115315] \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 1332.123140] task:bash            state:D stack:0     pid:2929  ppid:2873   flags:0x00004006\n[ 1332.123143] Call Trace:\n[ 1332.123145]  <TASK>\n[ 1332.123148]  __schedule+0x3c1/0x16a0\n[ 1332.123154]  ? _raw_read_lock_irqsave+0x2d/0x70\n[ 1332.123157]  schedule+0x6f/0x110\n[ 1332.123160]  schedule_timeout+0x14f/0x160\n[ 1332.123162]  ? preempt_count_add+0x86/0xd0\n[ 1332.123165]  __wait_for_common+0x92/0x190\n[ 1332.123168]  ? __pfx_schedule_timeout+0x10/0x10\n[ 1332.123170]  wait_for_completion+0x28/0x30\n[ 1332.123173]  cpufreq_policy_put_kobj+0x4d/0x90\n[ 1332.123177]  cpufreq_policy_free+0x157/0x1d0\n[ 1332.123178]  ? preempt_count_add+0x58/0xd0\n[ 1332.123180]  cpufreq_remove_dev+0xb6/0x100\n[ 1332.123182]  subsys_interface_unregister+0x114/0x120\n[ 1332.123185]  ? preempt_count_add+0x58/0xd0\n[ 1332.123187]  ? __pfx_amd_pstate_change_driver_mode+0x10/0x10\n[ 1332.123190]  cpufreq_unregister_driver+0x3b/0xd0\n[ 1332.123192]  amd_pstate_change_driver_mode+0x1e/0x50\n[ 1332.123194]  store_status+0xe9/0x180\n[ 1332.123197]  dev_attr_store+0x1b/0x30\n[ 1332.123199]  sysfs_kf_write+0x42/0x50\n[ 1332.123202]  kernfs_fop_write_iter+0x143/0x1d0\n[ 1332.123204]  vfs_write+0x2df/0x400\n[ 1332.123208]  ksys_write+0x6b/0xf0\n[ 1332.123210]  __x64_sys_write+0x1d/0x30\n[ 1332.123213]  do_syscall_64+0x60/0x90\n[ 1332.123216]  ? fpregs_assert_state_consistent+0x2e/0x50\n[ 1332.123219]  ? exit_to_user_mode_prepare+0x49/0x1a0\n[ 1332.123223]  ? irqentry_exit_to_user_mode+0xd/0x20\n[ 1332.123225]  ? irqentry_exit+0x3f/0x50\n[ 1332.123226]  ? exc_page_fault+0x8e/0x190\n[ 1332.123228]  entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ 1332.123232] RIP: 0033:0x7fa74c514a37\n[ 1332.123234] RSP: 002b:00007ffe31dd0788 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 1332.123238] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007fa74c514a37\n[ 1332.123239] RDX: 0000000000000008 RSI: 000055e27c447aa0 RDI: 0000000000000001\n[ 1332.123241] RBP: 000055e27c447aa0 R08: 00007fa74c5d1460 R09: 000000007fffffff\n[ 1332.123242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008\n[ 1332.123244] R13: 00007fa74c61a780 R14: 00007fa74c616600 R15: 00007fa74c615a00\n[ 1332.123247]  </TASK>\nFix this by calling cpufreq_cpu_put() wherever necessary.\n[ rjw: Subject and changelog edits ]", "A reference leak flaw was found in the Linux kernel's AMD P-state unit test driver in the CPU policy access logic. A local user can trigger this issue by loading the amd-pstate-ut driver, which acquires CPU policy references via cpufreq_cpu_get without releasing them via cpufreq_cpu_put. This causes other processes attempting to access the policy to block indefinitely, resulting in hung tasks and denial of service through system unresponsiveness." ],
  "statement" : "The amd_pstate_ut_check_perf and amd_pstate_ut_check_freq functions in the unit test driver call cpufreq_cpu_get to obtain and mark the CPU policy as busy. However, these functions fail to call the corresponding cpufreq_cpu_put to release the reference. This violates the cpufreq reference counting protocol and causes any subsequent attempt to access the policy—such as during mode changes or driver unload—to wait indefinitely for the reference to be released. The most visible manifestation is when changing amd_pstate modes, where processes hang for over 120 seconds waiting for completion. Since this is a unit test driver rather than production code, the practical impact is limited to testing scenarios, though the hang can affect system stability when the driver is loaded.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53563\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53563\nhttps://lore.kernel.org/linux-cve-announce/2025100451-CVE-2023-53563-5cbe@gregkh/T" ],
  "name" : "CVE-2023-53563",
  "mitigation" : {
    "value" : "To mitigate this issue, prevent the amd_pstate_ut module from being loaded. See https://access.redhat.com/solutions/41278 for instructions on blacklisting kernel modules.",
    "lang" : "en:us"
  },
  "csaw" : false
}