CVE-2023-53029: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt The commit 4af1b64f80fb ("octeontx2-pf: Fix lmtst ID used in aura free") uses the get/put_cpu() to protect the usage of percpu pointer in ->aura_freeptr() callback, but it also unnecessarily disable the preemption for the blockable memory allocation. The commit 87b93b678e95 ("octeontx2-pf: Avoid use of GFP_KERNEL in atomic context") tried to fix these sleep inside atomic warnings. But it only fix the one for the non-rt kernel. For the rt kernel, we still get the similar warnings like below. BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: swapper/0 preempt_count: 1, expected: 0 RCU nest depth: 0, expected: 0 3 locks held by swapper/0/1: #0: ffff800009fc5fe8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock+0x24/0x30 #1: ffff000100c276c0 (&mbox->lock){+.+.}-{3:3}, at: otx2_init_hw_resources+0x8c/0x3a4 #2: ffffffbfef6537e0 (&cpu_rcache->lock){+.+.}-{2:2}, at: alloc_iova_fast+0x1ac/0x2ac Preemption disabled at: [<ffff800008b1908c>] otx2_rq_aura_pool_init+0x14c/0x284 CPU: 20 PID: 1 Comm: swapper/0 Tainted: G W 6.2.0-rc3-rt1-yocto-preempt-rt #1 Hardware name: Marvell OcteonTX CN96XX board (DT) Call trace: dump_backtrace.part.0+0xe8/0xf4 show_stack+0x20/0x30 dump_stack_lvl+0x9c/0xd8 dump_stack+0x18/0x34 __might_resched+0x188/0x224 rt_spin_lock+0x64/0x110 alloc_iova_fast+0x1ac/0x2ac iommu_dma_alloc_iova+0xd4/0x110 __iommu_dma_map+0x80/0x144 iommu_dma_map_page+0xe8/0x260 dma_map_page_attrs+0xb4/0xc0 __otx2_alloc_rbuf+0x90/0x150 otx2_rq_aura_pool_init+0x1c8/0x284 otx2_init_hw_resources+0xe4/0x3a4 otx2_open+0xf0/0x610 __dev_open+0x104/0x224 __dev_change_flags+0x1e4/0x274 dev_change_flags+0x2c/0x7c ic_open_devs+0x124/0x2f8 ip_auto_config+0x180/0x42c do_one_initcall+0x90/0x4dc do_basic_setup+0x10c/0x14c kernel_init_freeable+0x10c/0x13c kernel_init+0x2c/0x140 ret_from_fork+0x10/0x20 Of course, we can shuffle the get/put_cpu() to only wrap the invocation of ->aura_freeptr() as what commit 87b93b678e95 does. But there are only two ->aura_freeptr() callbacks, otx2_aura_freeptr() and cn10k_aura_freeptr(). There is no usage of perpcu variable in the otx2_aura_freeptr() at all, so the get/put_cpu() seems redundant to it. We can move the get/put_cpu() into the corresponding callback which really has the percpu variable usage and avoid the sprinkling of get/put_cpu() in several places.
AI Analysis
Technical Summary
CVE-2023-53029 addresses a vulnerability in the Linux kernel specifically related to the octeontx2-pf driver, which is part of the network interface handling for Marvell OcteonTX platforms. The issue arises from improper use of GFP_KERNEL memory allocation flags in contexts where sleeping is not allowed, such as atomic or real-time (RT) kernel contexts. The vulnerability is rooted in the incorrect handling of per-CPU pointers within the aura_freeptr() callback function. Specifically, the commit history shows attempts to fix the problem by using get/put_cpu() to protect per-CPU pointer usage and to avoid sleeping in atomic contexts. However, previous fixes only addressed the non-RT kernel, leaving the RT kernel vulnerable to similar issues. This results in kernel warnings and potential BUGs due to sleeping functions being called from invalid contexts, which can cause system instability or crashes. The root cause is the unnecessary disabling of preemption for blockable memory allocations and improper placement of get/put_cpu() calls, which should be localized to callbacks that actually use per-CPU variables. The vulnerability affects specific Linux kernel versions identified by commit hashes and is relevant to systems running the real-time variant of the Linux kernel on Marvell OcteonTX CN96XX hardware or similar platforms. While no known exploits are reported in the wild, the issue can lead to kernel panics or denial of service due to improper synchronization and memory allocation in critical kernel paths.
Potential Impact
For European organizations, especially those relying on embedded systems, telecommunications infrastructure, or network appliances using Marvell OcteonTX hardware with real-time Linux kernels, this vulnerability poses a risk of system instability and denial of service. Critical infrastructure operators, industrial control systems, and telecom providers using these platforms could experience unexpected kernel crashes, leading to service interruptions. The impact is primarily on availability, as the kernel BUGs and preemption issues can cause system hangs or reboots. Confidentiality and integrity impacts are minimal or indirect, as this vulnerability does not directly enable code execution or privilege escalation. However, disruption of network devices or embedded systems could have cascading effects on operational continuity. Given the specialized hardware and kernel variant affected, the scope is limited but significant for sectors dependent on real-time Linux deployments on OcteonTX platforms.
Mitigation Recommendations
To mitigate this vulnerability, organizations should: 1) Apply the latest Linux kernel patches that address CVE-2023-53029, ensuring that the octeontx2-pf driver is updated to versions where the get/put_cpu() calls are correctly scoped to the relevant aura_freeptr() callbacks. 2) For systems running real-time Linux kernels on Marvell OcteonTX hardware, prioritize kernel updates from trusted vendors or maintainers that incorporate these fixes. 3) Conduct thorough testing of updated kernels in staging environments to verify stability and absence of preemption or sleeping warnings. 4) Monitor kernel logs for any signs of BUGs or atomic context violations related to octeontx2-pf to detect potential exploitation or instability. 5) Limit exposure by isolating affected hardware from critical networks until patches are applied. 6) Engage with hardware vendors and Linux distribution maintainers to ensure timely patch deployment and support for real-time kernel variants. These steps go beyond generic advice by focusing on the specific driver, kernel variant, and hardware platform involved.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Finland
CVE-2023-53029: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt The commit 4af1b64f80fb ("octeontx2-pf: Fix lmtst ID used in aura free") uses the get/put_cpu() to protect the usage of percpu pointer in ->aura_freeptr() callback, but it also unnecessarily disable the preemption for the blockable memory allocation. The commit 87b93b678e95 ("octeontx2-pf: Avoid use of GFP_KERNEL in atomic context") tried to fix these sleep inside atomic warnings. But it only fix the one for the non-rt kernel. For the rt kernel, we still get the similar warnings like below. BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: swapper/0 preempt_count: 1, expected: 0 RCU nest depth: 0, expected: 0 3 locks held by swapper/0/1: #0: ffff800009fc5fe8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock+0x24/0x30 #1: ffff000100c276c0 (&mbox->lock){+.+.}-{3:3}, at: otx2_init_hw_resources+0x8c/0x3a4 #2: ffffffbfef6537e0 (&cpu_rcache->lock){+.+.}-{2:2}, at: alloc_iova_fast+0x1ac/0x2ac Preemption disabled at: [<ffff800008b1908c>] otx2_rq_aura_pool_init+0x14c/0x284 CPU: 20 PID: 1 Comm: swapper/0 Tainted: G W 6.2.0-rc3-rt1-yocto-preempt-rt #1 Hardware name: Marvell OcteonTX CN96XX board (DT) Call trace: dump_backtrace.part.0+0xe8/0xf4 show_stack+0x20/0x30 dump_stack_lvl+0x9c/0xd8 dump_stack+0x18/0x34 __might_resched+0x188/0x224 rt_spin_lock+0x64/0x110 alloc_iova_fast+0x1ac/0x2ac iommu_dma_alloc_iova+0xd4/0x110 __iommu_dma_map+0x80/0x144 iommu_dma_map_page+0xe8/0x260 dma_map_page_attrs+0xb4/0xc0 __otx2_alloc_rbuf+0x90/0x150 otx2_rq_aura_pool_init+0x1c8/0x284 otx2_init_hw_resources+0xe4/0x3a4 otx2_open+0xf0/0x610 __dev_open+0x104/0x224 __dev_change_flags+0x1e4/0x274 dev_change_flags+0x2c/0x7c ic_open_devs+0x124/0x2f8 ip_auto_config+0x180/0x42c do_one_initcall+0x90/0x4dc do_basic_setup+0x10c/0x14c kernel_init_freeable+0x10c/0x13c kernel_init+0x2c/0x140 ret_from_fork+0x10/0x20 Of course, we can shuffle the get/put_cpu() to only wrap the invocation of ->aura_freeptr() as what commit 87b93b678e95 does. But there are only two ->aura_freeptr() callbacks, otx2_aura_freeptr() and cn10k_aura_freeptr(). There is no usage of perpcu variable in the otx2_aura_freeptr() at all, so the get/put_cpu() seems redundant to it. We can move the get/put_cpu() into the corresponding callback which really has the percpu variable usage and avoid the sprinkling of get/put_cpu() in several places.
AI-Powered Analysis
Technical Analysis
CVE-2023-53029 addresses a vulnerability in the Linux kernel specifically related to the octeontx2-pf driver, which is part of the network interface handling for Marvell OcteonTX platforms. The issue arises from improper use of GFP_KERNEL memory allocation flags in contexts where sleeping is not allowed, such as atomic or real-time (RT) kernel contexts. The vulnerability is rooted in the incorrect handling of per-CPU pointers within the aura_freeptr() callback function. Specifically, the commit history shows attempts to fix the problem by using get/put_cpu() to protect per-CPU pointer usage and to avoid sleeping in atomic contexts. However, previous fixes only addressed the non-RT kernel, leaving the RT kernel vulnerable to similar issues. This results in kernel warnings and potential BUGs due to sleeping functions being called from invalid contexts, which can cause system instability or crashes. The root cause is the unnecessary disabling of preemption for blockable memory allocations and improper placement of get/put_cpu() calls, which should be localized to callbacks that actually use per-CPU variables. The vulnerability affects specific Linux kernel versions identified by commit hashes and is relevant to systems running the real-time variant of the Linux kernel on Marvell OcteonTX CN96XX hardware or similar platforms. While no known exploits are reported in the wild, the issue can lead to kernel panics or denial of service due to improper synchronization and memory allocation in critical kernel paths.
Potential Impact
For European organizations, especially those relying on embedded systems, telecommunications infrastructure, or network appliances using Marvell OcteonTX hardware with real-time Linux kernels, this vulnerability poses a risk of system instability and denial of service. Critical infrastructure operators, industrial control systems, and telecom providers using these platforms could experience unexpected kernel crashes, leading to service interruptions. The impact is primarily on availability, as the kernel BUGs and preemption issues can cause system hangs or reboots. Confidentiality and integrity impacts are minimal or indirect, as this vulnerability does not directly enable code execution or privilege escalation. However, disruption of network devices or embedded systems could have cascading effects on operational continuity. Given the specialized hardware and kernel variant affected, the scope is limited but significant for sectors dependent on real-time Linux deployments on OcteonTX platforms.
Mitigation Recommendations
To mitigate this vulnerability, organizations should: 1) Apply the latest Linux kernel patches that address CVE-2023-53029, ensuring that the octeontx2-pf driver is updated to versions where the get/put_cpu() calls are correctly scoped to the relevant aura_freeptr() callbacks. 2) For systems running real-time Linux kernels on Marvell OcteonTX hardware, prioritize kernel updates from trusted vendors or maintainers that incorporate these fixes. 3) Conduct thorough testing of updated kernels in staging environments to verify stability and absence of preemption or sleeping warnings. 4) Monitor kernel logs for any signs of BUGs or atomic context violations related to octeontx2-pf to detect potential exploitation or instability. 5) Limit exposure by isolating affected hardware from critical networks until patches are applied. 6) Engage with hardware vendors and Linux distribution maintainers to ensure timely patch deployment and support for real-time kernel variants. These steps go beyond generic advice by focusing on the specific driver, kernel variant, and hardware platform involved.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2025-03-27T16:40:15.757Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9821c4522896dcbdd944
Added to database: 5/21/2025, 9:08:49 AM
Last enriched: 6/28/2025, 1:56:16 AM
Last updated: 8/5/2025, 4:24:38 AM
Views: 13
Related Threats
CVE-2025-9008: SQL Injection in itsourcecode Online Tour and Travel Management System
MediumCVE-2025-9007: Buffer Overflow in Tenda CH22
HighCVE-2025-9006: Buffer Overflow in Tenda CH22
HighCVE-2025-9005: Information Exposure Through Error Message in mtons mblog
MediumCVE-2025-9004: Improper Restriction of Excessive Authentication Attempts in mtons mblog
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.