{
  "threat_severity" : "Low",
  "public_date" : "2025-12-30T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: bpf: Address KCSAN report on bpf_lru_list",
    "id" : "2426141",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2426141"
  },
  "cvss3" : {
    "cvss3_base_score" : "2.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-366",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nbpf: Address KCSAN report on bpf_lru_list\nKCSAN reported a data-race when accessing node->ref.\nAlthough node->ref does not have to be accurate,\ntake this chance to use a more common READ_ONCE() and WRITE_ONCE()\npattern instead of data_race().\nThere is an existing bpf_lru_node_is_ref() and bpf_lru_node_set_ref().\nThis patch also adds bpf_lru_node_clear_ref() to do the\nWRITE_ONCE(node->ref, 0) also.\n==================================================================\nBUG: KCSAN: data-race in __bpf_lru_list_rotate / __htab_lru_percpu_map_update_elem\nwrite to 0xffff888137038deb of 1 bytes by task 11240 on cpu 1:\n__bpf_lru_node_move kernel/bpf/bpf_lru_list.c:113 [inline]\n__bpf_lru_list_rotate_active kernel/bpf/bpf_lru_list.c:149 [inline]\n__bpf_lru_list_rotate+0x1bf/0x750 kernel/bpf/bpf_lru_list.c:240\nbpf_lru_list_pop_free_to_local kernel/bpf/bpf_lru_list.c:329 [inline]\nbpf_common_lru_pop_free kernel/bpf/bpf_lru_list.c:447 [inline]\nbpf_lru_pop_free+0x638/0xe20 kernel/bpf/bpf_lru_list.c:499\nprealloc_lru_pop kernel/bpf/hashtab.c:290 [inline]\n__htab_lru_percpu_map_update_elem+0xe7/0x820 kernel/bpf/hashtab.c:1316\nbpf_percpu_hash_update+0x5e/0x90 kernel/bpf/hashtab.c:2313\nbpf_map_update_value+0x2a9/0x370 kernel/bpf/syscall.c:200\ngeneric_map_update_batch+0x3ae/0x4f0 kernel/bpf/syscall.c:1687\nbpf_map_do_batch+0x2d9/0x3d0 kernel/bpf/syscall.c:4534\n__sys_bpf+0x338/0x810\n__do_sys_bpf kernel/bpf/syscall.c:5096 [inline]\n__se_sys_bpf kernel/bpf/syscall.c:5094 [inline]\n__x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5094\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nread to 0xffff888137038deb of 1 bytes by task 11241 on cpu 0:\nbpf_lru_node_set_ref kernel/bpf/bpf_lru_list.h:70 [inline]\n__htab_lru_percpu_map_update_elem+0x2f1/0x820 kernel/bpf/hashtab.c:1332\nbpf_percpu_hash_update+0x5e/0x90 kernel/bpf/hashtab.c:2313\nbpf_map_update_value+0x2a9/0x370 kernel/bpf/syscall.c:200\ngeneric_map_update_batch+0x3ae/0x4f0 kernel/bpf/syscall.c:1687\nbpf_map_do_batch+0x2d9/0x3d0 kernel/bpf/syscall.c:4534\n__sys_bpf+0x338/0x810\n__do_sys_bpf kernel/bpf/syscall.c:5096 [inline]\n__se_sys_bpf kernel/bpf/syscall.c:5094 [inline]\n__x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5094\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nvalue changed: 0x01 -> 0x00\nReported by Kernel Concurrency Sanitizer on:\nCPU: 0 PID: 11241 Comm: syz-executor.3 Not tainted 6.3.0-rc7-syzkaller-00136-g6a66fdd29ea1 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023\n==================================================================", "A data race was found in the BPF LRU list implementation. Concurrent access to node->ref without proper memory barriers triggers KCSAN warnings, though the race is benign as the reference value does not need to be precise." ],
  "statement" : "This is a benign data race reported by KCSAN (Kernel Concurrency Sanitizer). The fix improves code correctness by using READ_ONCE/WRITE_ONCE but the original behavior was functionally acceptable for this use case.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-54283\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-54283\nhttps://lore.kernel.org/linux-cve-announce/2025123026-CVE-2023-54283-b319@gregkh/T" ],
  "name" : "CVE-2023-54283",
  "csaw" : false
}