CVE-2023-54113

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.5.0-rc4-rt2-yocto-preempt-rt+ #15

Description The Linux kernel contained a flaw related to memory information dumping within the RCU (Read-Copy-Update) subsystem. Specifically, when call rcu() was invoked multiple times, it could attempt to dump memory information for rcu head objects not allocated from the slab allocator. This would trigger a call to vmalloc dump obj(), which required holding the vmap area lock spinlock. Because call rcu() could be invoked in interrupt context, this created a potential for spinlock deadlock scenarios. The issue was also demonstrated by a lockdep warning during the rcutorture test. The fix implemented a deadlock-safe version of find vm area and added logging to indicate when a pointer was a vmalloc pointer in case of failure.

Recommendations Update to Linux kernel version 6.5.0-rc4-rt2-yocto-preempt-rt+ #15 or a later version to address this issue.