CVE-2023-54160

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.19.0-rc3-rt5

Description The Linux kernel contains a flaw related to the arm sdei firmware component. A bug exists where a sleeping function can be called from an invalid context, specifically triggered when running a preempt-rt kernel (v6.2-rc3-rt1) on an Ampere Altra system. This issue occurs because sdei cpuhp up() is called during the STARTING hotplug section, which runs with interrupts disabled. The fix involves moving 'WARN ON ONCE(preemptible())' statements to prevent triggering them during SDEI cpuhp callbacks and adding a check for the SDEI 1 0 FN SDEI PRIVATE RESET call, which operates on the calling CPU. The original SDEI cpuhp slot was superseded by pNMI, making the early slot irrelevant. Some SDEI calls take actions on the calling CPU and require preemption to be disabled.

Recommendations Update to a version later than 5.19.0-rc3-rt5.