{ "threat_severity" : "Moderate", "public_date" : "2025-10-07T00:00:00Z", "bugzilla" : { "description" : "kernel: rcu: Avoid stack overflow due to __rcu_irq_enter_check_tick() being kprobe-ed", "id" : "2402218", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2402218" }, "cvss3" : { "cvss3_base_score" : "5.7", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-835", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nrcu: Avoid stack overflow due to __rcu_irq_enter_check_tick() being kprobe-ed\nRegistering a kprobe on __rcu_irq_enter_check_tick() can cause kernel\nstack overflow as shown below. This issue can be reproduced by enabling\nCONFIG_NO_HZ_FULL and booting the kernel with argument \"nohz_full=\",\nand then giving the following commands at the shell prompt:\n# cd /sys/kernel/tracing/\n# echo 'p:mp1 __rcu_irq_enter_check_tick' >> kprobe_events\n# echo 1 > events/kprobes/enable\nThis commit therefore adds __rcu_irq_enter_check_tick() to the kprobes\nblacklist using NOKPROBE_SYMBOL().\nInsufficient stack space to handle exception!\nESR: 0x00000000f2000004 -- BRK (AArch64)\nFAR: 0x0000ffffccf3e510\nTask stack: [0xffff80000ad30000..0xffff80000ad38000]\nIRQ stack: [0xffff800008050000..0xffff800008058000]\nOverflow stack: [0xffff089c36f9f310..0xffff089c36fa0310]\nCPU: 5 PID: 190 Comm: bash Not tainted 6.2.0-rc2-00320-g1f5abbd77e2c #19\nHardware name: linux,dummy-virt (DT)\npstate: 400003c5 (nZcv DAIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : __rcu_irq_enter_check_tick+0x0/0x1b8\nlr : ct_nmi_enter+0x11c/0x138\nsp : ffff80000ad30080\nx29: ffff80000ad30080 x28: ffff089c82e20000 x27: 0000000000000000\nx26: 0000000000000000 x25: ffff089c02a8d100 x24: 0000000000000000\nx23: 00000000400003c5 x22: 0000ffffccf3e510 x21: ffff089c36fae148\nx20: ffff80000ad30120 x19: ffffa8da8fcce148 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: ffffa8da8e44ea6c\nx14: ffffa8da8e44e968 x13: ffffa8da8e03136c x12: 1fffe113804d6809\nx11: ffff6113804d6809 x10: 0000000000000a60 x9 : dfff800000000000\nx8 : ffff089c026b404f x7 : 00009eec7fb297f7 x6 : 0000000000000001\nx5 : ffff80000ad30120 x4 : dfff800000000000 x3 : ffffa8da8e3016f4\nx2 : 0000000000000003 x1 : 0000000000000000 x0 : 0000000000000000\nKernel panic - not syncing: kernel stack overflow\nCPU: 5 PID: 190 Comm: bash Not tainted 6.2.0-rc2-00320-g1f5abbd77e2c #19\nHardware name: linux,dummy-virt (DT)\nCall trace:\ndump_backtrace+0xf8/0x108\nshow_stack+0x20/0x30\ndump_stack_lvl+0x68/0x84\ndump_stack+0x1c/0x38\npanic+0x214/0x404\nadd_taint+0x0/0xf8\npanic_bad_stack+0x144/0x160\nhandle_bad_stack+0x38/0x58\n__bad_stack+0x78/0x7c\n__rcu_irq_enter_check_tick+0x0/0x1b8\narm64_enter_el1_dbg.isra.0+0x14/0x20\nel1_dbg+0x2c/0x90\nel1h_64_sync_handler+0xcc/0xe8\nel1h_64_sync+0x64/0x68\n__rcu_irq_enter_check_tick+0x0/0x1b8\narm64_enter_el1_dbg.isra.0+0x14/0x20\nel1_dbg+0x2c/0x90\nel1h_64_sync_handler+0xcc/0xe8\nel1h_64_sync+0x64/0x68\n__rcu_irq_enter_check_tick+0x0/0x1b8\narm64_enter_el1_dbg.isra.0+0x14/0x20\nel1_dbg+0x2c/0x90\nel1h_64_sync_handler+0xcc/0xe8\nel1h_64_sync+0x64/0x68\n__rcu_irq_enter_check_tick+0x0/0x1b8\n[...]\nel1_dbg+0x2c/0x90\nel1h_64_sync_handler+0xcc/0xe8\nel1h_64_sync+0x64/0x68\n__rcu_irq_enter_check_tick+0x0/0x1b8\narm64_enter_el1_dbg.isra.0+0x14/0x20\nel1_dbg+0x2c/0x90\nel1h_64_sync_handler+0xcc/0xe8\nel1h_64_sync+0x64/0x68\n__rcu_irq_enter_check_tick+0x0/0x1b8\narm64_enter_el1_dbg.isra.0+0x14/0x20\nel1_dbg+0x2c/0x90\nel1h_64_sync_handler+0xcc/0xe8\nel1h_64_sync+0x64/0x68\n__rcu_irq_enter_check_tick+0x0/0x1b8\nel1_interrupt+0x28/0x60\nel1h_64_irq_handler+0x18/0x28\nel1h_64_irq+0x64/0x68\n__ftrace_set_clr_event_nolock+0x98/0x198\n__ftrace_set_clr_event+0x58/0x80\nsystem_enable_write+0x144/0x178\nvfs_write+0x174/0x738\nksys_write+0xd0/0x188\n__arm64_sys_write+0x4c/0x60\ninvoke_syscall+0x64/0x180\nel0_svc_common.constprop.0+0x84/0x160\ndo_el0_svc+0x48/0xe8\nel0_svc+0x34/0xd0\nel0t_64_sync_handler+0xb8/0xc0\nel0t_64_sync+0x190/0x194\nSMP: stopping secondary CPUs\nKernel Offset: 0x28da86000000 from 0xffff800008000000\nPHYS_OFFSET: 0xfffff76600000000\nCPU features: 0x00000,01a00100,0000421b\nMemory Limit: none" ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-04-30T00:00:00Z", "advisory" : "RHSA-2024:2394", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-427.13.1.el9_4" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-04-30T00:00:00Z", "advisory" : "RHSA-2024:2394", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-427.13.1.el9_4" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53655\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53655\nhttps://lore.kernel.org/linux-cve-announce/2025100701-CVE-2023-53655-d389@gregkh/T" ], "name" : "CVE-2023-53655", "csaw" : false }