{
  "threat_severity" : "Low",
  "public_date" : "2025-10-07T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: srcu: Delegate work to the boot cpu if using SRCU_SIZE_SMALL",
    "id" : "2402261",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2402261"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nsrcu: Delegate work to the boot cpu if using SRCU_SIZE_SMALL\nCommit 994f706872e6 (\"srcu: Make Tree SRCU able to operate without\nsnp_node array\") assumes that cpu 0 is always online.  However, there\nreally are situations when some other CPU is the boot CPU, for example,\nwhen booting a kdump kernel with the maxcpus=1 boot parameter.\nOn PowerPC, the kdump kernel can hang as follows:\n...\n[    1.740036] systemd[1]: Hostname set to <xyz.com>\n[  243.686240] INFO: task systemd:1 blocked for more than 122 seconds.\n[  243.686264]       Not tainted 6.1.0-rc1 #1\n[  243.686272] \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[  243.686281] task:systemd         state:D stack:0     pid:1     ppid:0      flags:0x00042000\n[  243.686296] Call Trace:\n[  243.686301] [c000000016657640] [c000000016657670] 0xc000000016657670 (unreliable)\n[  243.686317] [c000000016657830] [c00000001001dec0] __switch_to+0x130/0x220\n[  243.686333] [c000000016657890] [c000000010f607b8] __schedule+0x1f8/0x580\n[  243.686347] [c000000016657940] [c000000010f60bb4] schedule+0x74/0x140\n[  243.686361] [c0000000166579b0] [c000000010f699b8] schedule_timeout+0x168/0x1c0\n[  243.686374] [c000000016657a80] [c000000010f61de8] __wait_for_common+0x148/0x360\n[  243.686387] [c000000016657b20] [c000000010176bb0] __flush_work.isra.0+0x1c0/0x3d0\n[  243.686401] [c000000016657bb0] [c0000000105f2768] fsnotify_wait_marks_destroyed+0x28/0x40\n[  243.686415] [c000000016657bd0] [c0000000105f21b8] fsnotify_destroy_group+0x68/0x160\n[  243.686428] [c000000016657c40] [c0000000105f6500] inotify_release+0x30/0xa0\n[  243.686440] [c000000016657cb0] [c0000000105751a8] __fput+0xc8/0x350\n[  243.686452] [c000000016657d00] [c00000001017d524] task_work_run+0xe4/0x170\n[  243.686464] [c000000016657d50] [c000000010020e94] do_notify_resume+0x134/0x140\n[  243.686478] [c000000016657d80] [c00000001002eb18] interrupt_exit_user_prepare_main+0x198/0x270\n[  243.686493] [c000000016657de0] [c00000001002ec60] syscall_exit_prepare+0x70/0x180\n[  243.686505] [c000000016657e10] [c00000001000bf7c] system_call_vectored_common+0xfc/0x280\n[  243.686520] --- interrupt: 3000 at 0x7fffa47d5ba4\n[  243.686528] NIP:  00007fffa47d5ba4 LR: 0000000000000000 CTR: 0000000000000000\n[  243.686538] REGS: c000000016657e80 TRAP: 3000   Not tainted  (6.1.0-rc1)\n[  243.686548] MSR:  800000000000d033 <SF,EE,PR,ME,IR,DR,RI,LE>  CR: 42044440  XER: 00000000\n[  243.686572] IRQMASK: 0\n[  243.686572] GPR00: 0000000000000006 00007ffffa606710 00007fffa48e7200 0000000000000000\n[  243.686572] GPR04: 0000000000000002 000000000000000a 0000000000000000 0000000000000001\n[  243.686572] GPR08: 000001000c172dd0 0000000000000000 0000000000000000 0000000000000000\n[  243.686572] GPR12: 0000000000000000 00007fffa4ff4bc0 0000000000000000 0000000000000000\n[  243.686572] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000\n[  243.686572] GPR20: 0000000132dfdc50 000000000000000e 0000000000189375 0000000000000000\n[  243.686572] GPR24: 00007ffffa606ae0 0000000000000005 000001000c185490 000001000c172570\n[  243.686572] GPR28: 000001000c172990 000001000c184850 000001000c172e00 00007fffa4fedd98\n[  243.686683] NIP [00007fffa47d5ba4] 0x7fffa47d5ba4\n[  243.686691] LR [0000000000000000] 0x0\n[  243.686698] --- interrupt: 3000\n[  243.686708] INFO: task kworker/u16:1:24 blocked for more than 122 seconds.\n[  243.686717]       Not tainted 6.1.0-rc1 #1\n[  243.686724] \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[  243.686733] task:kworker/u16:1   state:D stack:0     pid:24    ppid:2      flags:0x00000800\n[  243.686747] Workqueue: events_unbound fsnotify_mark_destroy_workfn\n[  243.686758] Call Trace:\n[  243.686762] [c0000000166736e0] [c00000004fd91000] 0xc00000004fd91000 (unreliable)\n[  243.686775] [c0000000166738d0] [c00000001001dec0] __switch_to+0x130/0x220\n[  243.686788] [c000000016673930] [c000000010f607b8] __schedule+0x1f8/0x\n---truncated---", "A synchronization flaw was found in the Linux kernel Sleepable Read-Copy-Update (SRCU) implementation. The subsystem assumed that central processing unit (CPU) 0 was always online. On systems where CPU 0 is offline, such as crash-kernel configurations using a different boot CPU, SRCU work could be queued to a non-existent CPU and hang indefinitely, causing a denial of service." ],
  "statement" : "The problem is not attacker-driven; it is a boot-time topology assumption. SRCU queued synchronization work to CPU 0 even when that CPU was not active. The fix replaces the hard-coded CPU ID with the boot CPU identifier, which is guaranteed to be online, ensuring synchronization work completes properly.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53671\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53671\nhttps://lore.kernel.org/linux-cve-announce/2025100705-CVE-2023-53671-a34e@gregkh/T" ],
  "name" : "CVE-2023-53671",
  "mitigation" : {
    "value" : "To mitigate this issue, prevent module rcu from being loaded.\nPlease see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
    "lang" : "en:us"
  },
  "csaw" : false
}