PT-2025-13375 · Linux+4 · Linux Kernel+4

Published: 2023-05-09 · Updated: 2025-09-29 · CVE-2023-53029

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.2.0-rc3-rt1-yocto-preempt-rt #1

Description

A vulnerability in the Linux kernel has been resolved, specifically in the octeontx2-pf module. The issue arises from the use of GFP_KERNEL in an atomic context on real-time (rt) kernels, leading to warnings about sleeping functions being called from invalid contexts. This problem occurs due to the unnecessary disabling of preemption for blockable memory allocation. The vulnerability affects the rt kernel, causing warnings and potential issues with memory allocation and spinlock usage.

Recommendations

For Linux kernel version 6.2.0-rc3-rt1-yocto-preempt-rt #1 and earlier, consider updating to a newer version that includes the fix for the use of GFP_KERNEL in atomic context on rt kernels. As a temporary workaround, review the usage of get/put_cpu() and consider moving it into the corresponding callback to avoid redundant usage and minimize the risk of exploitation. Restrict access to the vulnerable module octeontx2-pf to minimize the risk of exploitation until a patch is available.

Exploit

Fix

DoS

Use After Free

Improper Locking

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
BDU:2025-06337
CVE-2023-53029
OPENSUSE-SU-2025_1195-1
RHSA-2023:2458
RHSA-2023_2458
SUSE-SU-2025:1176-1
SUSE-SU-2025:1183-1
SUSE-SU-2025:1195-1
SUSE-SU-2025:1241-1
SUSE-SU-2025_1195-1
SUSE-SU-2025_1241-1

Affected Products

Astra Linux
Linux Kernel
Red Hat
Red Os
Suse