CVE-2023-53022: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: net: enetc: avoid deadlock in enetc_tx_onestep_tstamp() This lockdep splat says it better than I could: ================================ WARNING: inconsistent lock state 6.2.0-rc2-07010-ga9b9500ffaac-dirty #967 Not tainted -------------------------------- inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage. kworker/1:3/179 [HC0[0]:SC0[0]:HE1:SE1] takes: ffff3ec4036ce098 (_xmit_ETHER#2){+.?.}-{3:3}, at: netif_freeze_queues+0x5c/0xc0 {IN-SOFTIRQ-W} state was registered at: _raw_spin_lock+0x5c/0xc0 sch_direct_xmit+0x148/0x37c __dev_queue_xmit+0x528/0x111c ip6_finish_output2+0x5ec/0xb7c ip6_finish_output+0x240/0x3f0 ip6_output+0x78/0x360 ndisc_send_skb+0x33c/0x85c ndisc_send_rs+0x54/0x12c addrconf_rs_timer+0x154/0x260 call_timer_fn+0xb8/0x3a0 __run_timers.part.0+0x214/0x26c run_timer_softirq+0x3c/0x74 __do_softirq+0x14c/0x5d8 ____do_softirq+0x10/0x20 call_on_irq_stack+0x2c/0x5c do_softirq_own_stack+0x1c/0x30 __irq_exit_rcu+0x168/0x1a0 irq_exit_rcu+0x10/0x40 el1_interrupt+0x38/0x64 irq event stamp: 7825 hardirqs last enabled at (7825): [<ffffdf1f7200cae4>] exit_to_kernel_mode+0x34/0x130 hardirqs last disabled at (7823): [<ffffdf1f708105f0>] __do_softirq+0x550/0x5d8 softirqs last enabled at (7824): [<ffffdf1f7081050c>] __do_softirq+0x46c/0x5d8 softirqs last disabled at (7811): [<ffffdf1f708166e0>] ____do_softirq+0x10/0x20 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(_xmit_ETHER#2); <Interrupt> lock(_xmit_ETHER#2); *** DEADLOCK *** 3 locks held by kworker/1:3/179: #0: ffff3ec400004748 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1f4/0x6c0 #1: ffff80000a0bbdc8 ((work_completion)(&priv->tx_onestep_tstamp)){+.+.}-{0:0}, at: process_one_work+0x1f4/0x6c0 #2: ffff3ec4036cd438 (&dev->tx_global_lock){+.+.}-{3:3}, at: netif_tx_lock+0x1c/0x34 Workqueue: events enetc_tx_onestep_tstamp Call trace: print_usage_bug.part.0+0x208/0x22c mark_lock+0x7f0/0x8b0 __lock_acquire+0x7c4/0x1ce0 lock_acquire.part.0+0xe0/0x220 lock_acquire+0x68/0x84 _raw_spin_lock+0x5c/0xc0 netif_freeze_queues+0x5c/0xc0 netif_tx_lock+0x24/0x34 enetc_tx_onestep_tstamp+0x20/0x100 process_one_work+0x28c/0x6c0 worker_thread+0x74/0x450 kthread+0x118/0x11c but I'll say it anyway: the enetc_tx_onestep_tstamp() work item runs in process context, therefore with softirqs enabled (i.o.w., it can be interrupted by a softirq). If we hold the netif_tx_lock() when there is an interrupt, and the NET_TX softirq then gets scheduled, this will take the netif_tx_lock() a second time and deadlock the kernel. To solve this, use netif_tx_lock_bh(), which blocks softirqs from running.
AI Analysis
Technical Summary
CVE-2023-53022 is a vulnerability identified in the Linux kernel, specifically within the Ethernet network driver component 'enetc'. The issue arises from a deadlock condition in the function enetc_tx_onestep_tstamp(), which is responsible for timestamping transmitted packets. The root cause is an inconsistent locking state involving the netif_tx_lock() spinlock. The vulnerability occurs because the work item enetc_tx_onestep_tstamp() runs in process context with softirqs enabled, allowing it to be interrupted by a softirq. If the netif_tx_lock() is held during this time, and a NET_TX softirq is scheduled, the same lock is attempted to be acquired again, causing a deadlock. This deadlock is demonstrated by the kernel's lockdep warning showing an inconsistent lock state and multiple locks held simultaneously by a kernel worker thread. The fix involves replacing netif_tx_lock() with netif_tx_lock_bh(), which disables softirqs while holding the lock, preventing the deadlock scenario. This vulnerability affects Linux kernel versions including those identified by the given commit hashes and is relevant to systems using the enetc network driver, commonly found in certain embedded or specialized Linux environments. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, this vulnerability could lead to kernel deadlocks on affected Linux systems, resulting in system hangs or crashes during network transmission operations. This impacts system availability and reliability, particularly for servers or network appliances relying on the affected enetc driver. Organizations running Linux distributions with kernels incorporating the vulnerable enetc driver, especially in embedded systems, network infrastructure devices, or specialized industrial control systems, may experience service disruptions. While the vulnerability does not directly expose confidentiality or integrity risks, the denial of service caused by kernel deadlocks can interrupt critical business operations, degrade network performance, and increase downtime. This is particularly significant for sectors with high availability requirements such as telecommunications, finance, healthcare, and manufacturing within Europe.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernels to versions where this vulnerability is patched, ensuring the enetc driver uses netif_tx_lock_bh() instead of netif_tx_lock(). For systems where immediate patching is not feasible, administrators should monitor kernel logs for lockdep warnings or symptoms of deadlocks related to network transmission. Network administrators should audit the use of the enetc driver in their environments and consider alternative network drivers or hardware if applicable. Additionally, implementing robust system monitoring and automated recovery mechanisms can help mitigate the impact of potential deadlocks by enabling rapid detection and reboot or failover procedures. Collaboration with Linux distribution vendors to obtain timely patches and security advisories is also recommended.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
CVE-2023-53022: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: net: enetc: avoid deadlock in enetc_tx_onestep_tstamp() This lockdep splat says it better than I could: ================================ WARNING: inconsistent lock state 6.2.0-rc2-07010-ga9b9500ffaac-dirty #967 Not tainted -------------------------------- inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage. kworker/1:3/179 [HC0[0]:SC0[0]:HE1:SE1] takes: ffff3ec4036ce098 (_xmit_ETHER#2){+.?.}-{3:3}, at: netif_freeze_queues+0x5c/0xc0 {IN-SOFTIRQ-W} state was registered at: _raw_spin_lock+0x5c/0xc0 sch_direct_xmit+0x148/0x37c __dev_queue_xmit+0x528/0x111c ip6_finish_output2+0x5ec/0xb7c ip6_finish_output+0x240/0x3f0 ip6_output+0x78/0x360 ndisc_send_skb+0x33c/0x85c ndisc_send_rs+0x54/0x12c addrconf_rs_timer+0x154/0x260 call_timer_fn+0xb8/0x3a0 __run_timers.part.0+0x214/0x26c run_timer_softirq+0x3c/0x74 __do_softirq+0x14c/0x5d8 ____do_softirq+0x10/0x20 call_on_irq_stack+0x2c/0x5c do_softirq_own_stack+0x1c/0x30 __irq_exit_rcu+0x168/0x1a0 irq_exit_rcu+0x10/0x40 el1_interrupt+0x38/0x64 irq event stamp: 7825 hardirqs last enabled at (7825): [<ffffdf1f7200cae4>] exit_to_kernel_mode+0x34/0x130 hardirqs last disabled at (7823): [<ffffdf1f708105f0>] __do_softirq+0x550/0x5d8 softirqs last enabled at (7824): [<ffffdf1f7081050c>] __do_softirq+0x46c/0x5d8 softirqs last disabled at (7811): [<ffffdf1f708166e0>] ____do_softirq+0x10/0x20 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(_xmit_ETHER#2); <Interrupt> lock(_xmit_ETHER#2); *** DEADLOCK *** 3 locks held by kworker/1:3/179: #0: ffff3ec400004748 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1f4/0x6c0 #1: ffff80000a0bbdc8 ((work_completion)(&priv->tx_onestep_tstamp)){+.+.}-{0:0}, at: process_one_work+0x1f4/0x6c0 #2: ffff3ec4036cd438 (&dev->tx_global_lock){+.+.}-{3:3}, at: netif_tx_lock+0x1c/0x34 Workqueue: events enetc_tx_onestep_tstamp Call trace: print_usage_bug.part.0+0x208/0x22c mark_lock+0x7f0/0x8b0 __lock_acquire+0x7c4/0x1ce0 lock_acquire.part.0+0xe0/0x220 lock_acquire+0x68/0x84 _raw_spin_lock+0x5c/0xc0 netif_freeze_queues+0x5c/0xc0 netif_tx_lock+0x24/0x34 enetc_tx_onestep_tstamp+0x20/0x100 process_one_work+0x28c/0x6c0 worker_thread+0x74/0x450 kthread+0x118/0x11c but I'll say it anyway: the enetc_tx_onestep_tstamp() work item runs in process context, therefore with softirqs enabled (i.o.w., it can be interrupted by a softirq). If we hold the netif_tx_lock() when there is an interrupt, and the NET_TX softirq then gets scheduled, this will take the netif_tx_lock() a second time and deadlock the kernel. To solve this, use netif_tx_lock_bh(), which blocks softirqs from running.
AI-Powered Analysis
Technical Analysis
CVE-2023-53022 is a vulnerability identified in the Linux kernel, specifically within the Ethernet network driver component 'enetc'. The issue arises from a deadlock condition in the function enetc_tx_onestep_tstamp(), which is responsible for timestamping transmitted packets. The root cause is an inconsistent locking state involving the netif_tx_lock() spinlock. The vulnerability occurs because the work item enetc_tx_onestep_tstamp() runs in process context with softirqs enabled, allowing it to be interrupted by a softirq. If the netif_tx_lock() is held during this time, and a NET_TX softirq is scheduled, the same lock is attempted to be acquired again, causing a deadlock. This deadlock is demonstrated by the kernel's lockdep warning showing an inconsistent lock state and multiple locks held simultaneously by a kernel worker thread. The fix involves replacing netif_tx_lock() with netif_tx_lock_bh(), which disables softirqs while holding the lock, preventing the deadlock scenario. This vulnerability affects Linux kernel versions including those identified by the given commit hashes and is relevant to systems using the enetc network driver, commonly found in certain embedded or specialized Linux environments. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, this vulnerability could lead to kernel deadlocks on affected Linux systems, resulting in system hangs or crashes during network transmission operations. This impacts system availability and reliability, particularly for servers or network appliances relying on the affected enetc driver. Organizations running Linux distributions with kernels incorporating the vulnerable enetc driver, especially in embedded systems, network infrastructure devices, or specialized industrial control systems, may experience service disruptions. While the vulnerability does not directly expose confidentiality or integrity risks, the denial of service caused by kernel deadlocks can interrupt critical business operations, degrade network performance, and increase downtime. This is particularly significant for sectors with high availability requirements such as telecommunications, finance, healthcare, and manufacturing within Europe.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernels to versions where this vulnerability is patched, ensuring the enetc driver uses netif_tx_lock_bh() instead of netif_tx_lock(). For systems where immediate patching is not feasible, administrators should monitor kernel logs for lockdep warnings or symptoms of deadlocks related to network transmission. Network administrators should audit the use of the enetc driver in their environments and consider alternative network drivers or hardware if applicable. Additionally, implementing robust system monitoring and automated recovery mechanisms can help mitigate the impact of potential deadlocks by enabling rapid detection and reboot or failover procedures. Collaboration with Linux distribution vendors to obtain timely patches and security advisories is also recommended.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2025-03-27T16:40:15.752Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9830c4522896dcbe6d4a
Added to database: 5/21/2025, 9:09:04 AM
Last enriched: 7/1/2025, 3:13:21 AM
Last updated: 8/12/2025, 6:23:16 AM
Views: 23
Related Threats
CVE-2025-6184: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in themeum Tutor LMS Pro
HighCVE-2025-8762: Improper Physical Access Control in INSTAR 2K+
HighCVE-2025-8761: Denial of Service in INSTAR 2K+
HighCVE-2025-8760: Buffer Overflow in INSTAR 2K+
CriticalCVE-2025-6715: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in LatePoint
CriticalActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.