PT-2025-18831 · Linux+3 · Linux Kernel+3

Published 2023-02-25 · Updated 2026-04-20 · CVE-2023-53067

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to the fixed version

Description

A vulnerability has been resolved in the Linux kernel. The issue is related to the LoongArch architecture and occurs when the get_timer_irq() function is called multiple times in the constant_clockevent_init() function. This can cause a sleeping function to be called from an invalid context, leading to a bug. The vulnerability is triggered when the might_sleep() function is used in a preemption-disabled context. The estimated number of potentially affected devices is not specified.

Recommendations

To resolve the issue, update the Linux kernel to a version that includes the fix. As a temporary workaround, consider modifying the constant_clockevent_init() function to only call get_timer_irq() once, using the timer_irq_installed variable as a check condition. Restrict access to the constant_clockevent_init() function to minimize the risk of exploitation. Avoid using the might_sleep() function in a preemption-disabled context until the issue is resolved.

Exploit

Fix

Stack Overflow

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2026-03561
CVE-2023-53067

Affected Products

Astra Linux
Debian
Linux Kernel
Red Os