
CVE-2023-52750: Vulnerability in the Linux kernel

High
Published: Tue May 21 2024 (05/21/2024, 15:30:39 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer

Prior to LLVM 15.0.0, LLVM's integrated assembler would incorrectly byte-swap NOP when compiling for big-endian, and the resulting series of bytes happened to match the encoding of FNMADD S21, S30, S0, S0.

This went unnoticed until commit:

  34f66c4c4d5518c1 ("arm64: Use a positive cpucap for FP/SIMD")

Prior to that commit, the kernel would always enable the use of FPSIMD early in boot when __cpu_setup() initialized CPACR_EL1, and so usage of FNMADD within the kernel was not detected, but could result in the corruption of user or kernel FPSIMD state.

After that commit, the instructions happen to trap during boot prior to FPSIMD being detected and enabled, e.g.

| Unhandled 64-bit el1h sync exception on CPU0, ESR 0x000000001fe00000 -- ASIMD
| CPU: 0 PID: 0 Comm: swapper Not tainted 6.6.0-rc3-00013-g34f66c4c4d55 #1
| Hardware name: linux,dummy-virt (DT)
| pstate: 400000c9 (nZcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
| pc : __pi_strcmp+0x1c/0x150
| lr : populate_properties+0xe4/0x254
| sp : ffffd014173d3ad0
| x29: ffffd014173d3af0 x28: fffffbfffddffcb8 x27: 0000000000000000
| x26: 0000000000000058 x25: fffffbfffddfe054 x24: 0000000000000008
| x23: fffffbfffddfe000 x22: fffffbfffddfe000 x21: fffffbfffddfe044
| x20: ffffd014173d3b70 x19: 0000000000000001 x18: 0000000000000005
| x17: 0000000000000010 x16: 0000000000000000 x15: 00000000413e7000
| x14: 0000000000000000 x13: 0000000000001bcc x12: 0000000000000000
| x11: 00000000d00dfeed x10: ffffd414193f2cd0 x9 : 0000000000000000
| x8 : 0101010101010101 x7 : ffffffffffffffc0 x6 : 0000000000000000
| x5 : 0000000000000000 x4 : 0101010101010101 x3 : 000000000000002a
| x2 : 0000000000000001 x1 : ffffd014171f2988 x0 : fffffbfffddffcb8
| Kernel panic - not syncing: Unhandled exception
| CPU: 0 PID: 0 Comm: swapper Not tainted 6.6.0-rc3-00013-g34f66c4c4d55 #1
| Hardware name: linux,dummy-virt (DT)
| Call trace:
|  dump_backtrace+0xec/0x108
|  show_stack+0x18/0x2c
|  dump_stack_lvl+0x50/0x68
|  dump_stack+0x18/0x24
|  panic+0x13c/0x340
|  el1t_64_irq_handler+0x0/0x1c
|  el1_abort+0x0/0x5c
|  el1h_64_sync+0x64/0x68
|  __pi_strcmp+0x1c/0x150
|  unflatten_dt_nodes+0x1e8/0x2d8
|  __unflatten_device_tree+0x5c/0x15c
|  unflatten_device_tree+0x38/0x50
|  setup_arch+0x164/0x1e0
|  start_kernel+0x64/0x38c
|  __primary_switched+0xbc/0xc4

Restrict CONFIG_CPU_BIG_ENDIAN to a known good assembler, which is either GNU as or LLVM's IAS 15.0.0 and newer, which contains the linked commit.

AI-Powered Analysis

Last updated: 07/01/2025, 06:25:24 UTC

Technical Analysis

CVE-2023-52750 records a miscompilation of the arm64 Linux kernel rather than a flaw in kernel logic. When a big-endian kernel (CONFIG_CPU_BIG_ENDIAN) is assembled with LLVM's integrated assembler (LLVM_IAS=1) older than 15.0.0, the assembler byte-swaps the NOP instruction. A64 instructions are fetched as 32-bit little-endian words regardless of the data endianness the kernel runs with, so the swapped bytes of NOP (0xD503201F) are executed as the word 0x1F2003D5, which is the encoding of FNMADD S21, S30, S0, S0 (a scalar single-precision fused negated multiply-add that writes S21). Ordinary kernel code is compiled with -mgeneral-regs-only and must never touch FPSIMD registers, so every assembler-emitted NOP (alignment padding, alternative and patch sites) became a stray floating-point instruction in kernel text.

Before commit 34f66c4c4d5518c1 ("arm64: Use a positive cpucap for FP/SIMD"), __cpu_setup() unconditionally enabled FPSIMD access in CPACR_EL1 early in boot, so the stray FNMADDs executed silently and could corrupt the FPSIMD state of the kernel or of the current user task. After that commit FPSIMD access is only enabled once the cpucap has been detected, so a swapped NOP that runs before that point traps: the commit message shows an EL1 synchronous exception with ESR 0x1fe00000 (exception class 0x07, FP/ASIMD access trapped by CPACR_EL1) taken in __pi_strcmp while the device tree is being unflattened, followed by a kernel panic before any user space runs. The fix is a build-time restriction, not a code change: CONFIG_CPU_BIG_ENDIAN now depends on the assembler being GNU as or LLVM IAS 15.0.0 or newer, the release that corrected the byte swap. Images already built with an older LLVM IAS for big-endian remain broken until rebuilt. Big-endian arm64 builds are uncommon but do occur in embedded and networking products.
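The decoding step above can be checked by hand. The following is an added example, not code from the kernel or from this advisory: it takes the four bytes a correct assembler emits for NOP and the four bytes the buggy LLVM IAS emitted, reads each as the little-endian word the CPU fetches, and decodes the result against the A64 "floating-point data-processing (3 source)" field layout. The field layout and the NOP encoding are from the Arm architecture reference; the struct and function names are this example's own.

```c
/*
 * Added example, not code from the kernel or the advisory: decode the
 * byte-swapped NOP described in CVE-2023-52750 and show that it is
 * FNMADD S21, S30, S0, S0.
 *
 * A64 instructions are always 32-bit little-endian words, even in a
 * big-endian (data) kernel, so NOP (0xD503201F) must sit in memory as the
 * bytes 1F 20 03 D5. LLVM IAS < 15 emitted D5 03 20 1F for big-endian
 * targets, which the CPU fetches as the word 0x1F2003D5.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define A64_NOP 0xD503201Fu

/* Fields of an A64 "floating-point data-processing (3 source)" instruction:
 * bits 31:24 = 0x1F, 23:22 ptype, 21 o1, 20:16 Rm, 15 o0, 14:10 Ra,
 * 9:5 Rn, 4:0 Rd. (o1,o0) selects FMADD/FMSUB/FNMADD/FNMSUB. */
struct fp3src {
    int valid;
    char reg;      /* 'S' single, 'D' double, 'H' half */
    int o1, o0;
    int rd, rn, rm, ra;
};

static uint32_t bswap32(uint32_t v)
{
    return (v >> 24) | ((v >> 8) & 0x0000FF00u) |
           ((v << 8) & 0x00FF0000u) | (v << 24);
}

/* The little-endian word the CPU fetches from the four bytes b[0..3]. */
static uint32_t fetch_le32(const uint8_t b[4])
{
    return (uint32_t)b[0] | ((uint32_t)b[1] << 8) |
           ((uint32_t)b[2] << 16) | ((uint32_t)b[3] << 24);
}

static struct fp3src decode_fp3src(uint32_t insn)
{
    static const char regs[4] = { 'S', 'D', '?', 'H' };
    struct fp3src d = { 0 };

    if ((insn & 0xFF000000u) != 0x1F000000u)
        return d;                       /* not this instruction class */
    if (((insn >> 22) & 3u) == 2u)
        return d;                       /* ptype 0b10 is unallocated */
    d.valid = 1;
    d.reg = regs[(insn >> 22) & 3u];
    d.o1 = (insn >> 21) & 1u;
    d.rm = (insn >> 16) & 31u;
    d.o0 = (insn >> 15) & 1u;
    d.ra = (insn >> 10) & 31u;
    d.rn = (insn >> 5) & 31u;
    d.rd = insn & 31u;
    return d;
}

static const char *mnemonic(const struct fp3src *d)
{
    if (!d->valid)
        return "?";
    if (d->o1)
        return d->o0 ? "FNMSUB" : "FNMADD";
    return d->o0 ? "FMSUB" : "FMADD";
}

int main(void)
{
    /* Correct layout (GNU as, LLVM IAS >= 15) versus the buggy swapped one. */
    uint8_t good[4] = { 0x1F, 0x20, 0x03, 0xD5 };
    uint8_t swapped[4] = { 0xD5, 0x03, 0x20, 0x1F };
    uint32_t w = fetch_le32(swapped);
    struct fp3src d = decode_fp3src(w);

    printf("good bytes    -> 0x%08X %s\n", fetch_le32(good),
           fetch_le32(good) == A64_NOP ? "(NOP)" : "(not NOP!)");
    printf("swapped bytes -> 0x%08X = %s %c%d, %c%d, %c%d, %c%d\n", w,
           mnemonic(&d), d.reg, d.rd, d.reg, d.rn, d.reg, d.rm, d.reg, d.ra);
    return 0;
}
```

The swapped word passes the class test because its top byte is 0x1F, ptype 00 selects single precision, o1=1 and o0=0 select FNMADD, and the register fields come out as Rd=21, Rn=30, Rm=0, Ra=0, exactly the instruction named in the commit message. The same decoder reports the correctly laid out NOP as not belonging to the floating-point class at all.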

Potential Impact

The exposure is limited to Linux systems running big-endian arm64 kernels that were built with LLVM's integrated assembler older than 15.0.0, a combination found mainly in some embedded, telecommunications and industrial products rather than in general-purpose servers. On a kernel that includes the cpucap commit, an affected image panics during early boot, a complete denial of service for the device. On an older kernel the same image boots but silently executes stray FNMADD instructions in kernel context, which can corrupt floating-point and SIMD register state belonging to the kernel or to the interrupted user process and produce wrong results or crashes that are very hard to attribute. There is no attacker-controlled trigger: the defect is baked into the binary at build time, it cannot be reached remotely and it grants no privilege escalation, and no exploitation in the wild is known. For European operators of such equipment the practical risk is operational: unexplained boot failures or latent miscomputation across fleets whose firmware was produced with a vulnerable toolchain, with the resulting downtime, field maintenance costs and, for safety-relevant embedded systems, safety implications.

Mitigation Recommendations

The fix lives in the toolchain and the build, not in deployed configuration. Build big-endian arm64 kernels only with GNU as or with LLVM's integrated assembler at 15.0.0 or newer, and move to a kernel that carries the fix so that Kconfig refuses CONFIG_CPU_BIG_ENDIAN with an older LLVM IAS instead of silently producing a broken image. Audit build environments: when the kernel is built with LLVM_IAS=1 the assembler is clang itself, so the clang version is the one that matters, and the kernel's scripts/as-version.sh reports the assembler name and version the build system sees. Rebuild every big-endian image produced with an affected assembler and verify the result before shipping, for example by checking the kernel's .text for byte-swapped NOPs (the byte sequence D5 03 20 1F where 1F 20 03 D5 is expected) and by booting it on the target or under emulation. For embedded and industrial products, obtain updated firmware or kernel images from the vendor and confirm which assembler they were built with. In operations, a boot-time panic reporting "Unhandled 64-bit el1h sync exception" with an ESR class of ASIMD from a function that should never use floating point is the signature of an affected image on newer kernels; on older kernels there is no crash, so unexplained floating-point misbehaviour on big-endian arm64 fleets should prompt a check of the build toolchain. Because the failure occurs before user space starts, make sure recovery paths (fallback images, A/B partitions, serial console access) are in place before rolling updated images to remote devices.
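The verification step above, scanning a built kernel's text for byte-swapped NOPs and gating big-endian builds on the assembler, as an added example that is not code from the kernel or from this advisory. SAMPLE_TEXT is a constructed stand-in for a raw .text dump, the function names are this example's own, and the version encoding (major*10000 + minor*100 + patch) is the one the kernel's scripts/as-version.sh produces; the scan is a heuristic, since literal data embedded in .text could match by chance.

```c
/*
 * Added example, not code from the kernel or the advisory: a build-output
 * check for the artefact described in CVE-2023-52750.
 *
 * A64 instruction words are little-endian on both endiannesses, so a
 * correctly assembled NOP is always the bytes 1F 20 03 D5 in .text and the
 * byte-swapped NOP from LLVM IAS < 15 is D5 03 20 1F (executed as
 * FNMADD S21, S30, S0, S0). scan_swapped_nops() counts both at 4-byte
 * aligned offsets. SAMPLE_TEXT is constructed for this example; on a real
 * build feed it a raw dump such as
 *   objcopy -O binary -j .text vmlinux text.bin
 * Heuristic: literal data embedded in .text could match by chance.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static const uint8_t GOOD_NOP[4]    = { 0x1F, 0x20, 0x03, 0xD5 };
static const uint8_t SWAPPED_NOP[4] = { 0xD5, 0x03, 0x20, 0x1F };

struct nop_scan {
    size_t good;        /* correctly encoded NOPs */
    size_t swapped;     /* byte-swapped NOPs (FNMADD S21,S30,S0,S0) */
    size_t first_bad;   /* offset of the first swapped NOP, or SIZE_MAX */
};

static struct nop_scan scan_swapped_nops(const uint8_t *text, size_t len)
{
    struct nop_scan r = { 0, 0, SIZE_MAX };
    for (size_t off = 0; off + 4 <= len; off += 4) {
        if (memcmp(text + off, GOOD_NOP, 4) == 0) {
            r.good++;
        } else if (memcmp(text + off, SWAPPED_NOP, 4) == 0) {
            if (r.swapped == 0)
                r.first_bad = off;
            r.swapped++;
        }
    }
    return r;
}

/* The rule the fix adds to CONFIG_CPU_BIG_ENDIAN: GNU as, or LLVM's
 * integrated assembler at 15.0.0 or newer. as_version is encoded as
 * major*10000 + minor*100 + patch (15.0.0 -> 150000), the form the
 * kernel's scripts/as-version.sh produces. */
static int big_endian_build_allowed(int as_is_gnu, unsigned as_version)
{
    return as_is_gnu || as_version >= 150000u;
}

/* Constructed sample of "kernel text": two good NOPs and one swapped NOP
 * between ordinary instructions. */
static const uint8_t SAMPLE_TEXT[] = {
    0xC0, 0x03, 0x5F, 0xD6,   /* ret         (0xD65F03C0) */
    0x1F, 0x20, 0x03, 0xD5,   /* nop         (0xD503201F) */
    0x1F, 0x20, 0x03, 0xD5,   /* nop */
    0xD5, 0x03, 0x20, 0x1F,   /* byte-swapped nop: runs as FNMADD S21,S30,S0,S0 */
    0x20, 0x00, 0x80, 0xD2,   /* mov x0, #1  (0xD2800020) */
    0xC0, 0x03, 0x5F, 0xD6,   /* ret */
};

int main(void)
{
    struct nop_scan r = scan_swapped_nops(SAMPLE_TEXT, sizeof SAMPLE_TEXT);

    printf("good NOPs: %zu, swapped NOPs: %zu\n", r.good, r.swapped);
    if (r.swapped)
        printf("first swapped NOP at .text offset 0x%zx: rebuild with GNU as "
               "or LLVM IAS >= 15.0.0\n", r.first_bad);
    printf("LLVM IAS 14.0.6, big-endian allowed: %d\n",
           big_endian_build_allowed(0, 140006));
    printf("GNU as 2.38, big-endian allowed: %d\n",
           big_endian_build_allowed(1, 23800));
    return r.swapped ? 1 : 0;
}
```

A non-zero exit status from the scan is a convenient gate in a firmware pipeline; on a real image, any hit should be cross-checked against the symbol at that offset before a rebuild is ordered.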


Technical Details

Data Version
5.1
Assigner Short Name
Linux
Date Reserved
2024-05-21T15:19:24.234Z
Cisa Enriched
true
Cvss Version
null
State
PUBLISHED

Threat ID: 682d9830c4522896dcbe746d

Added to database: 5/21/2025, 9:09:04 AM

Last enriched: 7/1/2025, 6:25:24 AM

Last updated: 7/31/2025, 11:55:30 PM

Views: 11
