CVE-2023-53728

NONE EPSS 9.1%
Published Oct 22, 20258mo ago · Modified Jun 17, 20262w ago
Find Similar
Published Oct 22, 2025 8mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: posix-timers: Ensure timer ID search-loop limit is valid posix_timer_add() tries to allocate a posix timer ID by starting from the cached ID which was stored by the last successful allocation. This is done in a loop searching the ID space for a free slot one by one. The loop has to terminate when the search wrapped around to the starting point. But that's racy vs. establishing the starting point. That is read out lockless, which leads to the following problem: CPU0 CPU1 posix_timer_add() start = sig->posix_timer_id; lock(hash_lock); ... posix_timer_add() if (++sig->posix_timer_id < 0) start = sig->posix_timer_id; sig->posix_timer_id = 0; So CPU1 can observe a negative start value, i.e. -1, and the loop break never happens because the condition can never be true: if (sig->posix_timer_id == start) break; While this is unlikely to ever turn into an endless loop as the ID space is huge (INT_MAX), the racy read of the start value caught the attention of KCSAN and Dmitry unearthed that incorrectness. Rewrite it so that all id operations are under the hash lock.

Threat Intelligence

EPSS Exploit Probability
9.1% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References 8

  • git.kernel.org https://git.kernel.org/stable/c/322377cc909defcca9451487484845e7e1d20d1b
  • git.kernel.org https://git.kernel.org/stable/c/37175e25edf7cc0d5a2cd2c2a1cbe2dcbf4a1937
  • git.kernel.org https://git.kernel.org/stable/c/6a0ac84501b4fec73a1a823c55cf13584c43f418
  • git.kernel.org https://git.kernel.org/stable/c/8ad6679a5bb97cdb3e14942729292b4bfcc0e223
  • git.kernel.org https://git.kernel.org/stable/c/8ce8849dd1e78dadcee0ec9acbd259d239b7069f
  • git.kernel.org https://git.kernel.org/stable/c/8dc52c200b889bc1cb34288fbf623d4ff381d2ae
  • git.kernel.org https://git.kernel.org/stable/c/9ea26a8494a0a9337e7415eafd6f3ed940327dc5
  • git.kernel.org https://git.kernel.org/stable/c/ef535e0315afd098c4beb1da364847eca4b56a20

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.