PT-2025-38047 · Linux+2 · Linux Kernel+2

Published: 2023-08-29 · Updated: 2025-09-17 · CVE-2023-53329

CVSS v2.0: 6.0 (Medium)

Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions 6.5.0-rc6+ through 6.5.0-rc7-kcsan-00169-g81eaf55a60fc

Description

A data race exists in the Linux kernel's workqueue functionality, specifically related to the incrementing of pwq->stats[]. Kernel Concurrency Sanitizer (KCSAN) identified this issue within the process_one_work function. The vulnerability occurs when multiple tasks concurrently access and modify the pwq->stats[PWQ_STAT_STARTED] variable, leading to inconsistent data. The issue was observed in the context of the btrfs filesystem's btrfs_end_bio_work workqueue.

Recommendations

Linux kernel versions prior to 6.5.0-rc6+ are affected. Linux kernel version 6.5.0-rc7-kcsan-00169-g81eaf55a60fc contains a fix that moves the increment of pwq->stats[PWQ_STAT_STARTED] before the unlocking of the pool's lock, resolving the data race without performance penalty.

Exploit

Fix

Race Condition

Weakness Enumeration

Related Identifiers

BDU:2026-06008
CVE-2023-53329

Affected Products

Astra Linux
Linux Kernel
Btrfs