{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-53727", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-10-22T13:21:37.348Z", "datePublished": "2025-10-22T13:23:56.528Z", "dateUpdated": "2025-10-22T13:23:56.528Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-10-22T13:23:56.528Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fq_pie: avoid stalls in fq_pie_timer()\n\nWhen setting a high number of flows (limit being 65536),\nfq_pie_timer() is currently using too much time as syzbot reported.\n\nAdd logic to yield the cpu every 2048 flows (less than 150 usec\non debug kernels).\nIt should also help by not blocking qdisc fast paths for too long.\nWorst case (65536 flows) would need 31 jiffies for a complete scan.\n\nRelevant extract from syzbot report:\n\nrcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 0-.... } 2663 jiffies s: 873 root: 0x1/.\nrcu: blocking rcu_node structures (internal RCU debug):\nSending NMI from CPU 1 to CPUs 0:\nNMI backtrace for cpu 0\nCPU: 0 PID: 5177 Comm: syz-executor273 Not tainted 6.5.0-syzkaller-00453-g727dbda16b83 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023\nRIP: 0010:check_kcov_mode kernel/kcov.c:173 [inline]\nRIP: 0010:write_comp_data+0x21/0x90 kernel/kcov.c:236\nCode: 2e 0f 1f 84 00 00 00 00 00 65 8b 05 01 b2 7d 7e 49 89 f1 89 c6 49 89 d2 81 e6 00 01 00 00 49 89 f8 65 48 8b 14 25 80 b9 03 00 <a9> 00 01 ff 00 74 0e 85 f6 74 59 8b 82 04 16 00 00 85 c0 74 4f 8b\nRSP: 0018:ffffc90000007bb8 EFLAGS: 00000206\nRAX: 0000000000000101 RBX: ffffc9000dc0d140 RCX: ffffffff885893b0\nRDX: ffff88807c075940 RSI: 0000000000000100 RDI: 0000000000000001\nRBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffc9000dc0d178\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\nFS: 0000555555d54380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f6b442f6130 CR3: 000000006fe1c000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <NMI>\n </NMI>\n <IRQ>\n pie_calculate_probability+0x480/0x850 net/sched/sch_pie.c:415\n fq_pie_timer+0x1da/0x4f0 net/sched/sch_fq_pie.c:387\n call_timer_fn+0x1a0/0x580 kernel/time/timer.c:1700"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/sched/sch_fq_pie.c"], "versions": [{"version": "ec97ecf1ebe485a17cd8395a5f35e6b80b57665a", "lessThan": "94d527c3759d76c29220758362f622954612bea7", "status": "affected", "versionType": "git"}, {"version": "ec97ecf1ebe485a17cd8395a5f35e6b80b57665a", "lessThan": "973a4c302d7f3804098ff9824d9f56926901f293", "status": "affected", "versionType": "git"}, {"version": "ec97ecf1ebe485a17cd8395a5f35e6b80b57665a", "lessThan": "f39b49077abec4c9c3a4c2966532004851c51006", "status": "affected", "versionType": "git"}, {"version": "ec97ecf1ebe485a17cd8395a5f35e6b80b57665a", "lessThan": "e093000e7d13569c9cb07d7500acd5142c3c43cb", "status": "affected", "versionType": "git"}, {"version": "ec97ecf1ebe485a17cd8395a5f35e6b80b57665a", "lessThan": "8c21ab1bae945686c602c5bfa4e3f3352c2452c5", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/sched/sch_fq_pie.c"], "versions": [{"version": "5.6", "status": "affected"}, {"version": "0", "lessThan": "5.6", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.195", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.132", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.54", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.5.4", "lessThanOrEqual": "6.5.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6", "versionEndExcluding": "5.10.195"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6", "versionEndExcluding": "5.15.132"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6", "versionEndExcluding": "6.1.54"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6", "versionEndExcluding": "6.5.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6", "versionEndExcluding": "6.6"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/94d527c3759d76c29220758362f622954612bea7"}, {"url": "https://git.kernel.org/stable/c/973a4c302d7f3804098ff9824d9f56926901f293"}, {"url": "https://git.kernel.org/stable/c/f39b49077abec4c9c3a4c2966532004851c51006"}, {"url": "https://git.kernel.org/stable/c/e093000e7d13569c9cb07d7500acd5142c3c43cb"}, {"url": "https://git.kernel.org/stable/c/8c21ab1bae945686c602c5bfa4e3f3352c2452c5"}], "title": "net/sched: fq_pie: avoid stalls in fq_pie_timer()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fq_pie: avoid stalls in fq_pie_timer()\n\nWhen setting a high number of flows (limit being 65536),\nfq_pie_timer() is currently using too much time as syzbot reported.\n\nAdd logic to yield the cpu every 2048 flows (less than 150 usec\non debug kernels).\nIt should also help by not blocking qdisc fast paths for too long.\nWorst case (65536 flows) would need 31 jiffies for a complete scan.\n\nRelevant extract from syzbot report:\n\nrcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 0-.... } 2663 jiffies s: 873 root: 0x1/.\nrcu: blocking rcu_node structures (internal RCU debug):\nSending NMI from CPU 1 to CPUs 0:\nNMI backtrace for cpu 0\nCPU: 0 PID: 5177 Comm: syz-executor273 Not tainted 6.5.0-syzkaller-00453-g727dbda16b83 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023\nRIP: 0010:check_kcov_mode kernel/kcov.c:173 [inline]\nRIP: 0010:write_comp_data+0x21/0x90 kernel/kcov.c:236\nCode: 2e 0f 1f 84 00 00 00 00 00 65 8b 05 01 b2 7d 7e 49 89 f1 89 c6 49 89 d2 81 e6 00 01 00 00 49 89 f8 65 48 8b 14 25 80 b9 03 00 <a9> 00 01 ff 00 74 0e 85 f6 74 59 8b 82 04 16 00 00 85 c0 74 4f 8b\nRSP: 0018:ffffc90000007bb8 EFLAGS: 00000206\nRAX: 0000000000000101 RBX: ffffc9000dc0d140 RCX: ffffffff885893b0\nRDX: ffff88807c075940 RSI: 0000000000000100 RDI: 0000000000000001\nRBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffc9000dc0d178\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\nFS: 0000555555d54380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f6b442f6130 CR3: 000000006fe1c000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <NMI>\n </NMI>\n <IRQ>\n pie_calculate_probability+0x480/0x850 net/sched/sch_pie.c:415\n fq_pie_timer+0x1da/0x4f0 net/sched/sch_fq_pie.c:387\n call_timer_fn+0x1a0/0x580 kernel/time/timer.c:1700"}], "id": "CVE-2023-53727", "lastModified": "2025-10-22T21:12:48.953", "metrics": {}, "published": "2025-10-22T14:15:47.977", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8c21ab1bae945686c602c5bfa4e3f3352c2452c5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/94d527c3759d76c29220758362f622954612bea7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/973a4c302d7f3804098ff9824d9f56926901f293"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e093000e7d13569c9cb07d7500acd5142c3c43cb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f39b49077abec4c9c3a4c2966532004851c51006"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: net/sched: fq_pie: avoid stalls in fq_pie_timer()", "id": "2405776", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405776"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2023-53727", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-10-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-53727\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53727\nhttps://lore.kernel.org/linux-cve-announce/2025102215-CVE-2023-53727-73d8@gregkh/T"], "threat_severity": "Moderate"}

{}