{
  "threat_severity" : "Low",
  "public_date" : "2025-12-30T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: arm64: set __exception_irq_entry with __irq_entry as a default",
    "id" : "2426163",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2426163"
  },
  "cvss3" : {
    "cvss3_base_score" : "3.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-440",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\narm64: set __exception_irq_entry with __irq_entry as a default\nfilter_irq_stacks() is supposed to cut entries which are related irq entries\nfrom its call stack.\nAnd in_irqentry_text() which is called by filter_irq_stacks()\nuses __irqentry_text_start/end symbol to find irq entries in callstack.\nBut it doesn't work correctly as without \"CONFIG_FUNCTION_GRAPH_TRACER\",\narm64 kernel doesn't include gic_handle_irq which is entry point of arm64 irq\nbetween __irqentry_text_start and __irqentry_text_end as we discussed in below link.\nhttps://lore.kernel.org/all/CACT4Y+aReMGLYua2rCLHgFpS9io5cZC04Q8GLs-uNmrn1ezxYQ@mail.gmail.com/#t\nThis problem can makes unintentional deep call stack entries especially\nin KASAN enabled situation as below.\n[ 2479.383395]I[0:launcher-loader: 1719] Stack depot reached limit capacity\n[ 2479.383538]I[0:launcher-loader: 1719] WARNING: CPU: 0 PID: 1719 at lib/stackdepot.c:129 __stack_depot_save+0x464/0x46c\n[ 2479.385693]I[0:launcher-loader: 1719] pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)\n[ 2479.385724]I[0:launcher-loader: 1719] pc : __stack_depot_save+0x464/0x46c\n[ 2479.385751]I[0:launcher-loader: 1719] lr : __stack_depot_save+0x460/0x46c\n[ 2479.385774]I[0:launcher-loader: 1719] sp : ffffffc0080073c0\n[ 2479.385793]I[0:launcher-loader: 1719] x29: ffffffc0080073e0 x28: ffffffd00b78a000 x27: 0000000000000000\n[ 2479.385839]I[0:launcher-loader: 1719] x26: 000000000004d1dd x25: ffffff891474f000 x24: 00000000ca64d1dd\n[ 2479.385882]I[0:launcher-loader: 1719] x23: 0000000000000200 x22: 0000000000000220 x21: 0000000000000040\n[ 2479.385925]I[0:launcher-loader: 1719] x20: ffffffc008007440 x19: 0000000000000000 x18: 0000000000000000\n[ 2479.385969]I[0:launcher-loader: 1719] x17: 2065726568207475 x16: 000000000000005e x15: 2d2d2d2d2d2d2d20\n[ 2479.386013]I[0:launcher-loader: 1719] x14: 5d39313731203a72 x13: 00000000002f6b30 x12: 00000000002f6af8\n[ 2479.386057]I[0:launcher-loader: 1719] x11: 00000000ffffffff x10: ffffffb90aacf000 x9 : e8a74a6c16008800\n[ 2479.386101]I[0:launcher-loader: 1719] x8 : e8a74a6c16008800 x7 : 00000000002f6b30 x6 : 00000000002f6af8\n[ 2479.386145]I[0:launcher-loader: 1719] x5 : ffffffc0080070c8 x4 : ffffffd00b192380 x3 : ffffffd0092b313c\n[ 2479.386189]I[0:launcher-loader: 1719] x2 : 0000000000000001 x1 : 0000000000000004 x0 : 0000000000000022\n[ 2479.386231]I[0:launcher-loader: 1719] Call trace:\n[ 2479.386248]I[0:launcher-loader: 1719]  __stack_depot_save+0x464/0x46c\n[ 2479.386273]I[0:launcher-loader: 1719]  kasan_save_stack+0x58/0x70\n[ 2479.386303]I[0:launcher-loader: 1719]  save_stack_info+0x34/0x138\n[ 2479.386331]I[0:launcher-loader: 1719]  kasan_save_free_info+0x18/0x24\n[ 2479.386358]I[0:launcher-loader: 1719]  ____kasan_slab_free+0x16c/0x170\n[ 2479.386385]I[0:launcher-loader: 1719]  __kasan_slab_free+0x10/0x20\n[ 2479.386410]I[0:launcher-loader: 1719]  kmem_cache_free+0x238/0x53c\n[ 2479.386435]I[0:launcher-loader: 1719]  mempool_free_slab+0x1c/0x28\n[ 2479.386460]I[0:launcher-loader: 1719]  mempool_free+0x7c/0x1a0\n[ 2479.386484]I[0:launcher-loader: 1719]  bvec_free+0x34/0x80\n[ 2479.386514]I[0:launcher-loader: 1719]  bio_free+0x60/0x98\n[ 2479.386540]I[0:launcher-loader: 1719]  bio_put+0x50/0x21c\n[ 2479.386567]I[0:launcher-loader: 1719]  f2fs_write_end_io+0x4ac/0x4d0\n[ 2479.386594]I[0:launcher-loader: 1719]  bio_endio+0x2dc/0x300\n[ 2479.386622]I[0:launcher-loader: 1719]  __dm_io_complete+0x324/0x37c\n[ 2479.386650]I[0:launcher-loader: 1719]  dm_io_dec_pending+0x60/0xa4\n[ 2479.386676]I[0:launcher-loader: 1719]  clone_endio+0xf8/0x2f0\n[ 2479.386700]I[0:launcher-loader: 1719]  bio_endio+0x2dc/0x300\n[ 2479.386727]I[0:launcher-loader: 1719]  blk_update_request+0x258/0x63c\n[ 2479.386754]I[0:launcher-loader: 1719]  scsi_end_request+0x50/0x304\n[ 2479.386782]I[0:launcher-loader: 1719]  scsi_io_completion+0x88/0x160\n[ 2479.386808]I[0:launcher-loader: 1719]  scsi_finish_command+0x17c/0x194\n[ 2479.386833]I\n---truncated---", "A stack trace handling issue was found in ARM64 kernels. Without CONFIG_FUNCTION_GRAPH_TRACER, the IRQ entry function is not properly marked, causing filter_irq_stacks() to fail and potentially causing stack depot overflow warnings under KASAN." ],
  "statement" : "This primarily affects ARM64 systems running KASAN with heavy interrupt load. The issue causes stack traces to be unnecessarily long, potentially filling the stack depot. Normal operation without KASAN is unaffected.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-05-13T00:00:00Z",
    "advisory" : "RHSA-2025:6966",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-570.12.1.el9_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-05-13T00:00:00Z",
    "advisory" : "RHSA-2025:6966",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-570.12.1.el9_6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-54322\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-54322\nhttps://lore.kernel.org/linux-cve-announce/2025123022-CVE-2023-54322-34ba@gregkh/T" ],
  "name" : "CVE-2023-54322",
  "csaw" : false
}