{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-53790", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-08T23:58:35.274Z", "datePublished": "2025-12-09T00:00:47.025Z", "dateUpdated": "2025-12-09T00:00:47.025Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-09T00:00:47.025Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Zeroing allocated object from slab in bpf memory allocator\n\nCurrently the freed element in bpf memory allocator may be immediately\nreused, for htab map the reuse will reinitialize special fields in map\nvalue (e.g., bpf_spin_lock), but lookup procedure may still access\nthese special fields, and it may lead to hard-lockup as shown below:\n\n NMI backtrace for cpu 16\n CPU: 16 PID: 2574 Comm: htab.bin Tainted: G L 6.1.0+ #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),\n RIP: 0010:queued_spin_lock_slowpath+0x283/0x2c0\n ......\n Call Trace:\n <TASK>\n copy_map_value_locked+0xb7/0x170\n bpf_map_copy_value+0x113/0x3c0\n __sys_bpf+0x1c67/0x2780\n __x64_sys_bpf+0x1c/0x20\n do_syscall_64+0x30/0x60\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n ......\n </TASK>\n\nFor htab map, just like the preallocated case, these is no need to\ninitialize these special fields in map value again once these fields\nhave been initialized. For preallocated htab map, these fields are\ninitialized through __GFP_ZERO in bpf_map_area_alloc(), so do the\nsimilar thing for non-preallocated htab in bpf memory allocator. And\nthere is no need to use __GFP_ZERO for per-cpu bpf memory allocator,\nbecause __alloc_percpu_gfp() does it implicitly."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["include/linux/bpf.h", "kernel/bpf/hashtab.c", "kernel/bpf/memalloc.c"], "versions": [{"version": "0fd7c5d43339b783ee3301a05f925d1e52ac87c9", "lessThan": "678ea18d6240299fd77d7000c8b1d7e5f274c8af", "status": "affected", "versionType": "git"}, {"version": "0fd7c5d43339b783ee3301a05f925d1e52ac87c9", "lessThan": "5d447e04290e78bdc1a3a6c321320d384e09c2f1", "status": "affected", "versionType": "git"}, {"version": "0fd7c5d43339b783ee3301a05f925d1e52ac87c9", "lessThan": "997849c4b969034e225153f41026657def66d286", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["include/linux/bpf.h", "kernel/bpf/hashtab.c", "kernel/bpf/memalloc.c"], "versions": [{"version": "6.1", "status": "affected"}, {"version": "0", "lessThan": "6.1", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.16", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2.3", "lessThanOrEqual": "6.2.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1", "versionEndExcluding": "6.1.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1", "versionEndExcluding": "6.2.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1", "versionEndExcluding": "6.3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/678ea18d6240299fd77d7000c8b1d7e5f274c8af"}, {"url": "https://git.kernel.org/stable/c/5d447e04290e78bdc1a3a6c321320d384e09c2f1"}, {"url": "https://git.kernel.org/stable/c/997849c4b969034e225153f41026657def66d286"}], "title": "bpf: Zeroing allocated object from slab in bpf memory allocator", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Zeroing allocated object from slab in bpf memory allocator\n\nCurrently the freed element in bpf memory allocator may be immediately\nreused, for htab map the reuse will reinitialize special fields in map\nvalue (e.g., bpf_spin_lock), but lookup procedure may still access\nthese special fields, and it may lead to hard-lockup as shown below:\n\n NMI backtrace for cpu 16\n CPU: 16 PID: 2574 Comm: htab.bin Tainted: G L 6.1.0+ #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),\n RIP: 0010:queued_spin_lock_slowpath+0x283/0x2c0\n ......\n Call Trace:\n <TASK>\n copy_map_value_locked+0xb7/0x170\n bpf_map_copy_value+0x113/0x3c0\n __sys_bpf+0x1c67/0x2780\n __x64_sys_bpf+0x1c/0x20\n do_syscall_64+0x30/0x60\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n ......\n </TASK>\n\nFor htab map, just like the preallocated case, these is no need to\ninitialize these special fields in map value again once these fields\nhave been initialized. For preallocated htab map, these fields are\ninitialized through __GFP_ZERO in bpf_map_area_alloc(), so do the\nsimilar thing for non-preallocated htab in bpf memory allocator. And\nthere is no need to use __GFP_ZERO for per-cpu bpf memory allocator,\nbecause __alloc_percpu_gfp() does it implicitly."}], "id": "CVE-2023-53790", "lastModified": "2025-12-09T18:37:13.640", "metrics": {}, "published": "2025-12-09T01:16:50.447", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5d447e04290e78bdc1a3a6c321320d384e09c2f1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/678ea18d6240299fd77d7000c8b1d7e5f274c8af"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/997849c4b969034e225153f41026657def66d286"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: bpf: Zeroing allocated object from slab in bpf memory allocator", "id": "2420239", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420239"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nbpf: Zeroing allocated object from slab in bpf memory allocator\nCurrently the freed element in bpf memory allocator may be immediately\nreused, for htab map the reuse will reinitialize special fields in map\nvalue (e.g., bpf_spin_lock), but lookup procedure may still access\nthese special fields, and it may lead to hard-lockup as shown below:\nNMI backtrace for cpu 16\nCPU: 16 PID: 2574 Comm: htab.bin Tainted: G L 6.1.0+ #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nRIP: 0010:queued_spin_lock_slowpath+0x283/0x2c0\n......\nCall Trace:\n<TASK>\ncopy_map_value_locked+0xb7/0x170\nbpf_map_copy_value+0x113/0x3c0\n__sys_bpf+0x1c67/0x2780\n__x64_sys_bpf+0x1c/0x20\ndo_syscall_64+0x30/0x60\nentry_SYSCALL_64_after_hwframe+0x46/0xb0\n......\n</TASK>\nFor htab map, just like the preallocated case, these is no need to\ninitialize these special fields in map value again once these fields\nhave been initialized. For preallocated htab map, these fields are\ninitialized through __GFP_ZERO in bpf_map_area_alloc(), so do the\nsimilar thing for non-preallocated htab in bpf memory allocator. And\nthere is no need to use __GFP_ZERO for per-cpu bpf memory allocator,\nbecause __alloc_percpu_gfp() does it implicitly."], "name": "CVE-2023-53790", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-12-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-53790\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53790\nhttps://lore.kernel.org/linux-cve-announce/2025120940-CVE-2023-53790-6f22@gregkh/T"], "threat_severity": "Low"}

{}