{
  "threat_severity" : "Low",
  "public_date" : "2025-12-30T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: bpf: Disable preemption in bpf_perf_event_output",
    "id" : "2426113",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2426113"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-366",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nbpf: Disable preemption in bpf_perf_event_output\nThe nesting protection in bpf_perf_event_output relies on disabled\npreemption, which is guaranteed for kprobes and tracepoints.\nHowever bpf_perf_event_output can be also called from uprobes context\nthrough bpf_prog_run_array_sleepable function which disables migration,\nbut keeps preemption enabled.\nThis can cause task to be preempted by another one inside the nesting\nprotection and lead eventually to two tasks using same perf_sample_data\nbuffer and cause crashes like:\nkernel tried to execute NX-protected page - exploit attempt? (uid: 0)\nBUG: unable to handle page fault for address: ffffffff82be3eea\n...\nCall Trace:\n? __die+0x1f/0x70\n? page_fault_oops+0x176/0x4d0\n? exc_page_fault+0x132/0x230\n? asm_exc_page_fault+0x22/0x30\n? perf_output_sample+0x12b/0x910\n? perf_event_output+0xd0/0x1d0\n? bpf_perf_event_output+0x162/0x1d0\n? bpf_prog_c6271286d9a4c938_krava1+0x76/0x87\n? __uprobe_perf_func+0x12b/0x540\n? uprobe_dispatcher+0x2c4/0x430\n? uprobe_notify_resume+0x2da/0xce0\n? atomic_notifier_call_chain+0x7b/0x110\n? exit_to_user_mode_prepare+0x13e/0x290\n? irqentry_exit_to_user_mode+0x5/0x30\n? asm_exc_int3+0x35/0x40\nFixing this by disabling preemption in bpf_perf_event_output.", "A flaw was found in the Linux kernel's BPF subsystem. The bpf_perf_event_output() function relies on disabled preemption for nesting protection, but when called from uprobes context via bpf_prog_run_array_sleepable(), preemption remains enabled. This allows task preemption during protected sections, leading to buffer corruption when two tasks share the same perf_sample_data buffer, causing kernel crashes." ],
  "statement" : "This issue requires BPF programs attached to uprobes that use bpf_perf_event_output(). The flaw can cause kernel crashes when specific preemption timing occurs, but exploiting it for more than denial of service would require precise control over kernel scheduling. Loading BPF programs typically requires CAP_BPF or CAP_SYS_ADMIN capabilities.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-54303\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-54303\nhttps://lore.kernel.org/linux-cve-announce/2025123033-CVE-2023-54303-0e92@gregkh/T" ],
  "name" : "CVE-2023-54303",
  "csaw" : false
}