CVE-2023-53501
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
01/10/2025
Last modified:
23/01/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
iommu/amd/iommu_v2: Fix pasid_state refcount dec hit 0 warning on pasid unbind<br />
<br />
When unbinding pasid - a race condition exists vs outstanding page faults.<br />
<br />
To prevent this, the pasid_state object contains a refcount.<br />
* set to 1 on pasid bind<br />
* incremented on each ppr notification start<br />
* decremented on each ppr notification done<br />
* decremented on pasid unbind<br />
<br />
Since refcount_dec assumes that refcount will never reach 0:<br />
the current implementation causes the following to be invoked on<br />
pasid unbind:<br />
REFCOUNT_WARN("decrement hit 0; leaking memory")<br />
<br />
Fix this issue by changing refcount_dec to refcount_dec_and_test<br />
to explicitly handle refcount=1.
Impact
Base Score 3.x
4.70
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.15 (including) | 5.15.132 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.53 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.4.16 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.5 (including) | 6.5.3 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/13ed255248dfbbb7f23f9170c7a537fb9ca22c73
- https://git.kernel.org/stable/c/534103bcd52ca9c1fecbc70e717b4a538dc4ded8
- https://git.kernel.org/stable/c/98d86bf32187db27946ca817c2467a5f2f7aa02f
- https://git.kernel.org/stable/c/9ccc51be3126b25cfe9351dbffde946c925cc28a
- https://git.kernel.org/stable/c/a50d60b8f2aff46dd7c7edb4a5835cdc4d432c22