CVE-2023-53522

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a circular locking dependency between cpu hotplug lock and freezer mutex within the cgroup freezer subsystem. Specifically, the issue arises from the order in which locks are acquired and released during freezer state changes and CPU hotplug operations. The vulnerability was identified by syzbot, which reported the circular dependency after a code change involving the replacement of atomic inc() with static branch inc() in the freezer apply state() function. The locking order involves cpu hotplug lock being acquired before freezer mutex in certain code paths, and vice versa in others, creating a potential deadlock situation. The affected code paths include functions such as cgroup file write(), cgroup procs write(), cgroup procs write(), cgroup attach lock(), cgroup attach task(), cgroup migrate(), cgroup migrate execute(), freezer attach(), freezer write(), freezer change state(), and freezer apply state().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.