PT-2025-53163 · Linux+1 · Linux Kernel+1

Published: 2023-04-13 · Updated: 2025-12-25 · CVE-2023-54086

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.2.0 #4

Description: The Linux kernel contained a flaw in the handling of recursion checks within the Berkeley Packet Filter (BPF) subsystem. Specifically, the preempt_count_{sub,add} functions were called after prog->active was decreased in __bpf_prog_exit_recur, leading to a potential kernel panic. The issue stemmed from insufficient protection of preempt_count_{sub,add} during trampoline attachment. The fix adds these functions to the BTF ID deny list.

Recommendations: Update to a version of the Linux kernel newer than 6.2.0 #4.

Exploit

Fix

Uncontrolled Recursion

Improper Resource Release

Weakness Enumeration

Related Identifiers

BDU:2026-01237
CVE-2023-54086

Affected Products

Debian
Linux Kernel