{
  "threat_severity" : "Moderate",
  "public_date" : "2025-12-24T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: wifi: rtw88: use work to update rate to avoid RCU warning",
    "id" : "2425074",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2425074"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.7",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-667",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nwifi: rtw88: use work to update rate to avoid RCU warning\nThe ieee80211_ops::sta_rc_update must be atomic, because\nieee80211_chan_bw_change() holds rcu_read lock while calling\ndrv_sta_rc_update(), so create a work to do original things.\nVoluntary context switch within RCU read-side critical section!\nWARNING: CPU: 0 PID: 4621 at kernel/rcu/tree_plugin.h:318\nrcu_note_context_switch+0x571/0x5d0\nCPU: 0 PID: 4621 Comm: kworker/u16:2 Tainted: G        W  OE\nWorkqueue: phy3 ieee80211_chswitch_work [mac80211]\nRIP: 0010:rcu_note_context_switch+0x571/0x5d0\nCall Trace:\n<TASK>\n__schedule+0xb0/0x1460\n? __mod_timer+0x116/0x360\nschedule+0x5a/0xc0\nschedule_timeout+0x87/0x150\n? trace_raw_output_tick_stop+0x60/0x60\nwait_for_completion_timeout+0x7b/0x140\nusb_start_wait_urb+0x82/0x160 [usbcore\nusb_control_msg+0xe3/0x140 [usbcore\nrtw_usb_read+0x88/0xe0 [rtw_usb\nrtw_usb_read8+0xf/0x10 [rtw_usb\nrtw_fw_send_h2c_command+0xa0/0x170 [rtw_core\nrtw_fw_send_ra_info+0xc9/0xf0 [rtw_core\ndrv_sta_rc_update+0x7c/0x160 [mac80211\nieee80211_chan_bw_change+0xfb/0x110 [mac80211\nieee80211_change_chanctx+0x38/0x130 [mac80211\nieee80211_vif_use_reserved_switch+0x34e/0x900 [mac80211\nieee80211_link_use_reserved_context+0x88/0xe0 [mac80211\nieee80211_chswitch_work+0x95/0x170 [mac80211\nprocess_one_work+0x201/0x410\nworker_thread+0x4a/0x3b0\n? process_one_work+0x410/0x410\nkthread+0xe1/0x110\n? kthread_complete_and_exit+0x20/0x20\nret_from_fork+0x1f/0x30\n</TASK>", "A flaw was identified in the Linux kernel’s rtw88 Wi-Fi driver (drivers/net/wireless/realtek/rtw88) where the ieee80211_ops::sta_rc_update callback was invoked within a Read-Copy-Update (RCU) read-side critical section without proper atomicity or deferral. The ieee80211_chan_bw_change() function holds an RCU read lock while calling into drv_sta_rc_update(), and under these conditions, the driver could perform work that may trigger a voluntary context switch inside the RCU protection region. This improper synchronization can lead to unpredictable kernel behavior, including WARN messages, instability in wireless operations, and potential denial-of-service scenarios." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-11-14T00:00:00Z",
    "advisory" : "RHSA-2023:7077",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-513.5.1.el8_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-54071\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-54071\nhttps://lore.kernel.org/linux-cve-announce/2025122431-CVE-2023-54071-b4c6@gregkh/T" ],
  "name" : "CVE-2023-54071",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}