CVE-2023-53445

MEDIUM EPSS 3.1%
Published Sep 18, 20259mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Sep 18, 2025 9mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Fix a refcount bug in qrtr_recvmsg() Syzbot reported a bug as following: refcount_t: addition on 0; use-after-free. ... RIP: 0010:refcount_warn_saturate+0x17c/0x1f0 lib/refcount.c:25 ... Call Trace: <TASK> __refcount_add include/linux/refcount.h:199 [inline] __refcount_inc include/linux/refcount.h:250 [inline] refcount_inc include/linux/refcount.h:267 [inline] kref_get include/linux/kref.h:45 [inline] qrtr_node_acquire net/qrtr/af_qrtr.c:202 [inline] qrtr_node_lookup net/qrtr/af_qrtr.c:398 [inline] qrtr_send_resume_tx net/qrtr/af_qrtr.c:1003 [inline] qrtr_recvmsg+0x85f/0x990 net/qrtr/af_qrtr.c:1070 sock_recvmsg_nosec net/socket.c:1017 [inline] sock_recvmsg+0xe2/0x160 net/socket.c:1038 qrtr_ns_worker+0x170/0x1700 net/qrtr/ns.c:688 process_one_work+0x991/0x15c0 kernel/workqueue.c:2390 worker_thread+0x669/0x1090 kernel/workqueue.c:2537 It occurs in the concurrent scenario of qrtr_recvmsg() and qrtr_endpoint_unregister() as following: cpu0 cpu1 qrtr_recvmsg qrtr_endpoint_unregister qrtr_send_resume_tx qrtr_node_release qrtr_node_lookup mutex_lock(&qrtr_node_lock) spin_lock_irqsave(&qrtr_nodes_lock, ) refcount_dec_and_test(&node->ref) [node->ref == 0] radix_tree_lookup [node != NULL] __qrtr_node_release qrtr_node_acquire spin_lock_irqsave(&qrtr_nodes_lock, ) kref_get(&node->ref) [WARNING] ... mutex_unlock(&qrtr_node_lock) Use qrtr_node_lock to protect qrtr_node_lookup() implementation, this is actually improving the protection of node reference.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
3.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 9

VendorProductVersionRange
linuxlinux_kernel*≥5.6  –  <5.10.178
linuxlinux_kernel*≥5.11  –  <5.15.107
linuxlinux_kernel*≥5.16  –  <6.1.24
linuxlinux_kernel*≥6.2  –  <6.2.11
linuxlinux_kernel6.3any
linuxlinux_kernel6.3any
linuxlinux_kernel6.3any
linuxlinux_kernel6.3any
linuxlinux_kernel6.3any

References 5

  • git.kernel.org https://git.kernel.org/stable/c/44d807320000db0d0013372ad39b53e12d52f758
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/48a07f6e00d305597396da4d7494b81cec05b9d3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/98a9cd82c541ef6cbdb829cd6c05cbbb471e373c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/aa95efa187b4114075f312b3c4680d050b56fdec
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b9ba5906c42089f8e1d0001b7b50a7940f086cbb
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/44d807320000db0d0013372ad39b53e12d52f758
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/48a07f6e00d305597396da4d7494b81cec05b9d3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/98a9cd82c541ef6cbdb829cd6c05cbbb471e373c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/aa95efa187b4114075f312b3c4680d050b56fdec
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b9ba5906c42089f8e1d0001b7b50a7940f086cbb
    Patch