CVE-2023-53064: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: iavf: fix hang on reboot with ice When a system with E810 with existing VFs gets rebooted the following hang may be observed. Pid 1 is hung in iavf_remove(), part of a network driver: PID: 1 TASK: ffff965400e5a340 CPU: 24 COMMAND: "systemd-shutdow" #0 [ffffaad04005fa50] __schedule at ffffffff8b3239cb #1 [ffffaad04005fae8] schedule at ffffffff8b323e2d #2 [ffffaad04005fb00] schedule_hrtimeout_range_clock at ffffffff8b32cebc #3 [ffffaad04005fb80] usleep_range_state at ffffffff8b32c930 #4 [ffffaad04005fbb0] iavf_remove at ffffffffc12b9b4c [iavf] #5 [ffffaad04005fbf0] pci_device_remove at ffffffff8add7513 #6 [ffffaad04005fc10] device_release_driver_internal at ffffffff8af08baa #7 [ffffaad04005fc40] pci_stop_bus_device at ffffffff8adcc5fc #8 [ffffaad04005fc60] pci_stop_and_remove_bus_device at ffffffff8adcc81e #9 [ffffaad04005fc70] pci_iov_remove_virtfn at ffffffff8adf9429 #10 [ffffaad04005fca8] sriov_disable at ffffffff8adf98e4 #11 [ffffaad04005fcc8] ice_free_vfs at ffffffffc04bb2c8 [ice] #12 [ffffaad04005fd10] ice_remove at ffffffffc04778fe [ice] #13 [ffffaad04005fd38] ice_shutdown at ffffffffc0477946 [ice] #14 [ffffaad04005fd50] pci_device_shutdown at ffffffff8add58f1 #15 [ffffaad04005fd70] device_shutdown at ffffffff8af05386 #16 [ffffaad04005fd98] kernel_restart at ffffffff8a92a870 #17 [ffffaad04005fda8] __do_sys_reboot at ffffffff8a92abd6 #18 [ffffaad04005fee0] do_syscall_64 at ffffffff8b317159 #19 [ffffaad04005ff08] __context_tracking_enter at ffffffff8b31b6fc #20 [ffffaad04005ff18] syscall_exit_to_user_mode at ffffffff8b31b50d #21 [ffffaad04005ff28] do_syscall_64 at ffffffff8b317169 #22 [ffffaad04005ff50] entry_SYSCALL_64_after_hwframe at ffffffff8b40009b RIP: 00007f1baa5c13d7 RSP: 00007fffbcc55a98 RFLAGS: 00000202 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1baa5c13d7 RDX: 0000000001234567 RSI: 0000000028121969 RDI: 00000000fee1dead RBP: 00007fffbcc55ca0 R8: 0000000000000000 R9: 00007fffbcc54e90 R10: 00007fffbcc55050 R11: 0000000000000202 R12: 0000000000000005 R13: 0000000000000000 R14: 00007fffbcc55af0 R15: 0000000000000000 ORIG_RAX: 00000000000000a9 CS: 0033 SS: 002b During reboot all drivers PM shutdown callbacks are invoked. In iavf_shutdown() the adapter state is changed to __IAVF_REMOVE. In ice_shutdown() the call chain above is executed, which at some point calls iavf_remove(). However iavf_remove() expects the VF to be in one of the states __IAVF_RUNNING, __IAVF_DOWN or __IAVF_INIT_FAILED. If that's not the case it sleeps forever. So if iavf_shutdown() gets invoked before iavf_remove() the system will hang indefinitely because the adapter is already in state __IAVF_REMOVE. Fix this by returning from iavf_remove() if the state is __IAVF_REMOVE, as we already went through iavf_shutdown().
AI Analysis
Technical Summary
CVE-2023-53064 is a vulnerability identified in the Linux kernel's network driver stack, specifically affecting the Intel Ethernet Controller E810 series with Virtual Functions (VFs) managed by the iavf and ice drivers. The issue arises during system reboot sequences where the shutdown and removal callbacks for the network adapter's virtual functions are invoked in an order that leads to a deadlock. During reboot, the iavf_shutdown() function sets the adapter state to __IAVF_REMOVE. Subsequently, the ice_shutdown() function triggers a call chain culminating in iavf_remove(). However, iavf_remove() expects the VF to be in one of the states __IAVF_RUNNING, __IAVF_DOWN, or __IAVF_INIT_FAILED. If the VF is already in the __IAVF_REMOVE state, iavf_remove() enters an indefinite sleep, causing the system to hang during reboot. This hang is due to the driver waiting on a condition that will never be met, effectively blocking the reboot process. The fix implemented returns early from iavf_remove() if the VF state is __IAVF_REMOVE, preventing the indefinite sleep and allowing the reboot to proceed normally. This vulnerability is specific to systems using the Intel E810 network controllers with SR-IOV enabled and affected Linux kernel versions prior to the patch. It does not appear to be exploitable remotely or by unprivileged users, as it requires a reboot sequence and interaction with the kernel's network driver shutdown routines. No known exploits are reported in the wild as of the publication date.
Potential Impact
For European organizations, especially those operating data centers, cloud infrastructure, or enterprise environments utilizing Linux servers with Intel E810 network adapters and SR-IOV enabled, this vulnerability can cause significant operational disruption. The system hang during reboot can lead to extended downtime, impacting availability of critical services and applications. This is particularly relevant for organizations with high availability requirements such as financial institutions, telecommunications providers, and cloud service operators. While the vulnerability does not directly compromise confidentiality or integrity, the denial of service caused by reboot hangs can delay patching, maintenance, or recovery operations, indirectly increasing risk exposure. Additionally, environments relying on automated orchestration or rapid scaling may face challenges due to failed or stalled reboot cycles. The impact is primarily on availability and operational continuity rather than data breach or privilege escalation.
Mitigation Recommendations
To mitigate this vulnerability, affected organizations should promptly apply the Linux kernel patches that address CVE-2023-53064. Specifically, update to a kernel version that includes the fix for the iavf and ice drivers handling of VF states during shutdown. For environments where immediate patching is not feasible, administrators can consider temporarily disabling SR-IOV on Intel E810 adapters to avoid triggering the problematic code path during reboot, though this may reduce network performance or functionality. Additionally, implement controlled reboot procedures with monitoring to detect and recover from hangs, such as watchdog timers or out-of-band management systems capable of forcing power cycles. Testing kernel updates in staging environments before production deployment is recommended to ensure compatibility and stability. Maintaining up-to-date firmware for Intel network adapters may also help, although the vulnerability is kernel driver-specific. Finally, documenting and training operational staff on this issue can reduce downtime during maintenance windows.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Ireland
CVE-2023-53064: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: iavf: fix hang on reboot with ice When a system with E810 with existing VFs gets rebooted the following hang may be observed. Pid 1 is hung in iavf_remove(), part of a network driver: PID: 1 TASK: ffff965400e5a340 CPU: 24 COMMAND: "systemd-shutdow" #0 [ffffaad04005fa50] __schedule at ffffffff8b3239cb #1 [ffffaad04005fae8] schedule at ffffffff8b323e2d #2 [ffffaad04005fb00] schedule_hrtimeout_range_clock at ffffffff8b32cebc #3 [ffffaad04005fb80] usleep_range_state at ffffffff8b32c930 #4 [ffffaad04005fbb0] iavf_remove at ffffffffc12b9b4c [iavf] #5 [ffffaad04005fbf0] pci_device_remove at ffffffff8add7513 #6 [ffffaad04005fc10] device_release_driver_internal at ffffffff8af08baa #7 [ffffaad04005fc40] pci_stop_bus_device at ffffffff8adcc5fc #8 [ffffaad04005fc60] pci_stop_and_remove_bus_device at ffffffff8adcc81e #9 [ffffaad04005fc70] pci_iov_remove_virtfn at ffffffff8adf9429 #10 [ffffaad04005fca8] sriov_disable at ffffffff8adf98e4 #11 [ffffaad04005fcc8] ice_free_vfs at ffffffffc04bb2c8 [ice] #12 [ffffaad04005fd10] ice_remove at ffffffffc04778fe [ice] #13 [ffffaad04005fd38] ice_shutdown at ffffffffc0477946 [ice] #14 [ffffaad04005fd50] pci_device_shutdown at ffffffff8add58f1 #15 [ffffaad04005fd70] device_shutdown at ffffffff8af05386 #16 [ffffaad04005fd98] kernel_restart at ffffffff8a92a870 #17 [ffffaad04005fda8] __do_sys_reboot at ffffffff8a92abd6 #18 [ffffaad04005fee0] do_syscall_64 at ffffffff8b317159 #19 [ffffaad04005ff08] __context_tracking_enter at ffffffff8b31b6fc #20 [ffffaad04005ff18] syscall_exit_to_user_mode at ffffffff8b31b50d #21 [ffffaad04005ff28] do_syscall_64 at ffffffff8b317169 #22 [ffffaad04005ff50] entry_SYSCALL_64_after_hwframe at ffffffff8b40009b RIP: 00007f1baa5c13d7 RSP: 00007fffbcc55a98 RFLAGS: 00000202 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1baa5c13d7 RDX: 0000000001234567 RSI: 0000000028121969 RDI: 00000000fee1dead RBP: 00007fffbcc55ca0 R8: 0000000000000000 R9: 00007fffbcc54e90 R10: 00007fffbcc55050 R11: 0000000000000202 R12: 0000000000000005 R13: 0000000000000000 R14: 00007fffbcc55af0 R15: 0000000000000000 ORIG_RAX: 00000000000000a9 CS: 0033 SS: 002b During reboot all drivers PM shutdown callbacks are invoked. In iavf_shutdown() the adapter state is changed to __IAVF_REMOVE. In ice_shutdown() the call chain above is executed, which at some point calls iavf_remove(). However iavf_remove() expects the VF to be in one of the states __IAVF_RUNNING, __IAVF_DOWN or __IAVF_INIT_FAILED. If that's not the case it sleeps forever. So if iavf_shutdown() gets invoked before iavf_remove() the system will hang indefinitely because the adapter is already in state __IAVF_REMOVE. Fix this by returning from iavf_remove() if the state is __IAVF_REMOVE, as we already went through iavf_shutdown().
AI-Powered Analysis
Technical Analysis
CVE-2023-53064 is a vulnerability identified in the Linux kernel's network driver stack, specifically affecting the Intel Ethernet Controller E810 series with Virtual Functions (VFs) managed by the iavf and ice drivers. The issue arises during system reboot sequences where the shutdown and removal callbacks for the network adapter's virtual functions are invoked in an order that leads to a deadlock. During reboot, the iavf_shutdown() function sets the adapter state to __IAVF_REMOVE. Subsequently, the ice_shutdown() function triggers a call chain culminating in iavf_remove(). However, iavf_remove() expects the VF to be in one of the states __IAVF_RUNNING, __IAVF_DOWN, or __IAVF_INIT_FAILED. If the VF is already in the __IAVF_REMOVE state, iavf_remove() enters an indefinite sleep, causing the system to hang during reboot. This hang is due to the driver waiting on a condition that will never be met, effectively blocking the reboot process. The fix implemented returns early from iavf_remove() if the VF state is __IAVF_REMOVE, preventing the indefinite sleep and allowing the reboot to proceed normally. This vulnerability is specific to systems using the Intel E810 network controllers with SR-IOV enabled and affected Linux kernel versions prior to the patch. It does not appear to be exploitable remotely or by unprivileged users, as it requires a reboot sequence and interaction with the kernel's network driver shutdown routines. No known exploits are reported in the wild as of the publication date.
Potential Impact
For European organizations, especially those operating data centers, cloud infrastructure, or enterprise environments utilizing Linux servers with Intel E810 network adapters and SR-IOV enabled, this vulnerability can cause significant operational disruption. The system hang during reboot can lead to extended downtime, impacting availability of critical services and applications. This is particularly relevant for organizations with high availability requirements such as financial institutions, telecommunications providers, and cloud service operators. While the vulnerability does not directly compromise confidentiality or integrity, the denial of service caused by reboot hangs can delay patching, maintenance, or recovery operations, indirectly increasing risk exposure. Additionally, environments relying on automated orchestration or rapid scaling may face challenges due to failed or stalled reboot cycles. The impact is primarily on availability and operational continuity rather than data breach or privilege escalation.
Mitigation Recommendations
To mitigate this vulnerability, affected organizations should promptly apply the Linux kernel patches that address CVE-2023-53064. Specifically, update to a kernel version that includes the fix for the iavf and ice drivers handling of VF states during shutdown. For environments where immediate patching is not feasible, administrators can consider temporarily disabling SR-IOV on Intel E810 adapters to avoid triggering the problematic code path during reboot, though this may reduce network performance or functionality. Additionally, implement controlled reboot procedures with monitoring to detect and recover from hangs, such as watchdog timers or out-of-band management systems capable of forcing power cycles. Testing kernel updates in staging environments before production deployment is recommended to ensure compatibility and stability. Maintaining up-to-date firmware for Intel network adapters may also help, although the vulnerability is kernel driver-specific. Finally, documenting and training operational staff on this issue can reduce downtime during maintenance windows.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2025-05-02T15:51:43.548Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9821c4522896dcbdd958
Added to database: 5/21/2025, 9:08:49 AM
Last enriched: 6/28/2025, 1:57:03 AM
Last updated: 8/8/2025, 7:31:06 AM
Views: 13
Related Threats
CVE-2025-9028: SQL Injection in code-projects Online Medicine Guide
MediumCVE-2025-26709: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in ZTE F50
MediumCVE-2025-9027: SQL Injection in code-projects Online Medicine Guide
MediumCVE-2025-9026: OS Command Injection in D-Link DIR-860L
MediumCVE-2025-9025: SQL Injection in code-projects Simple Cafe Ordering System
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.