CVE-2023-53099: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

firmware: xilinx: don't make a sleepable memory allocation from an atomic context

The following issue was discovered using lockdep:

[ 6.691371] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209
[ 6.694602] in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 1, name: swapper/0
[ 6.702431] 2 locks held by swapper/0/1:
[ 6.706300] #0: ffffff8800f6f188 (&dev->mutex){....}-{3:3}, at: __device_driver_lock+0x4c/0x90
[ 6.714900] #1: ffffffc009a2abb8 (enable_lock){....}-{2:2}, at: clk_enable_lock+0x4c/0x140
[ 6.723156] irq event stamp: 304030
[ 6.726596] hardirqs last enabled at (304029): [<ffffffc008d17ee0>] _raw_spin_unlock_irqrestore+0xc0/0xd0
[ 6.736142] hardirqs last disabled at (304030): [<ffffffc00876bc5c>] clk_enable_lock+0xfc/0x140
[ 6.744742] softirqs last enabled at (303958): [<ffffffc0080904f0>] _stext+0x4f0/0x894
[ 6.752655] softirqs last disabled at (303951): [<ffffffc0080e53b8>] irq_exit+0x238/0x280
[ 6.760744] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G U 5.15.36 #2
[ 6.768048] Hardware name: xlnx,zynqmp (DT)
[ 6.772179] Call trace:
[ 6.774584] dump_backtrace+0x0/0x300
[ 6.778197] show_stack+0x18/0x30
[ 6.781465] dump_stack_lvl+0xb8/0xec
[ 6.785077] dump_stack+0x1c/0x38
[ 6.788345] ___might_sleep+0x1a8/0x2a0
[ 6.792129] __might_sleep+0x6c/0xd0
[ 6.795655] kmem_cache_alloc_trace+0x270/0x3d0
[ 6.800127] do_feature_check_call+0x100/0x220
[ 6.804513] zynqmp_pm_invoke_fn+0x8c/0xb0
[ 6.808555] zynqmp_pm_clock_getstate+0x90/0xe0
[ 6.813027] zynqmp_pll_is_enabled+0x8c/0x120
[ 6.817327] zynqmp_pll_enable+0x38/0xc0
[ 6.821197] clk_core_enable+0x144/0x400
[ 6.825067] clk_core_enable+0xd4/0x400
[ 6.828851] clk_core_enable+0xd4/0x400
[ 6.832635] clk_core_enable+0xd4/0x400
[ 6.836419] clk_core_enable+0xd4/0x400
[ 6.840203] clk_core_enable+0xd4/0x400
[ 6.843987] clk_core_enable+0xd4/0x400
[ 6.847771] clk_core_enable+0xd4/0x400
[ 6.851555] clk_core_enable_lock+0x24/0x50
[ 6.855683] clk_enable+0x24/0x40
[ 6.858952] fclk_probe+0x84/0xf0
[ 6.862220] platform_probe+0x8c/0x110
[ 6.865918] really_probe+0x110/0x5f0
[ 6.869530] __driver_probe_device+0xcc/0x210
[ 6.873830] driver_probe_device+0x64/0x140
[ 6.877958] __driver_attach+0x114/0x1f0
[ 6.881828] bus_for_each_dev+0xe8/0x160
[ 6.885698] driver_attach+0x34/0x50
[ 6.889224] bus_add_driver+0x228/0x300
[ 6.893008] driver_register+0xc0/0x1e0
[ 6.896792] __platform_driver_register+0x44/0x60
[ 6.901436] fclk_driver_init+0x1c/0x28
[ 6.905220] do_one_initcall+0x104/0x590
[ 6.909091] kernel_init_freeable+0x254/0x2bc
[ 6.913390] kernel_init+0x24/0x130
[ 6.916831] ret_from_fork+0x10/0x20

Fix it by passing the GFP_ATOMIC gfp flag for the corresponding memory allocation.
AI Analysis
Technical Summary
CVE-2023-53099 is a vulnerability in the Linux kernel's firmware handling code for Xilinx devices. The kernel attempts a sleepable memory allocation from an atomic context, which is invalid: code running in atomic context must not sleep or block, because it may be holding locks or running with interrupts disabled. The vulnerability was discovered through lockdep, a kernel debugging tool that detects locking and context issues. The bug manifests as a call to a sleeping function from an invalid context, leading to kernel warnings and potential system instability or crashes. The kernel log shows that the problem occurs while clocks are being enabled on the Xilinx Zynq UltraScale+ MPSoC platform, where the driver allocates memory without the GFP_ATOMIC flag, which is required for allocations in atomic contexts. The fix changes the memory allocation to use GFP_ATOMIC, so that the allocation does not sleep and respects the atomic context constraints. This vulnerability affects Linux kernel versions containing the specified commits, particularly those used in embedded systems or devices utilizing Xilinx hardware. While no known exploits are reported in the wild, the flaw can lead to kernel panics or denial of service due to improper context handling in critical firmware operations.
Potential Impact
For European organizations, especially those relying on embedded Linux systems or industrial devices using Xilinx hardware (such as telecommunications infrastructure, automotive systems, or industrial control systems), this vulnerability poses a risk of system instability or denial of service. A kernel panic triggered by this flaw could disrupt critical operations, leading to downtime and potential safety issues in industrial environments. Although the vulnerability does not directly allow privilege escalation or remote code execution, the resulting system crashes could be exploited by attackers to cause persistent denial of service or to create conditions favorable for further attacks. Organizations deploying Linux-based devices with Xilinx components should be aware of this risk, as it may affect the reliability and availability of their systems.
Mitigation Recommendations
Mitigation requires updating the Linux kernel to a version where the fix is applied, specifically ensuring that the firmware driver for Xilinx devices uses GFP_ATOMIC for memory allocations in atomic contexts. For organizations unable to immediately update kernels, temporary mitigations include limiting the use of affected hardware or isolating vulnerable devices from critical networks to reduce attack surface. Additionally, monitoring kernel logs for the specific BUG messages related to sleeping in atomic context can help detect attempts to trigger this issue. Vendors and integrators should verify that their embedded Linux distributions incorporate the patch. For custom or legacy systems, backporting the fix may be necessary. Implementing robust system monitoring and automated reboot mechanisms can help mitigate the impact of unexpected kernel panics caused by this vulnerability.
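The log monitoring recommended above can be automated. The following is an added example, not code from the kernel project or from this advisory's publisher: it parses dmesg-style text for "sleeping function called from invalid context" reports and flags those whose call trace passes through the Xilinx firmware frames named in the description. The function name find_atomic_sleep_reports is hypothetical, the parser assumes the arm64 trace layout shown in the description, and the sample log is constructed (an excerpt of the advisory's trace plus a made-up unrelated report).

```python
import re

# Frames named in this advisory's call trace (Xilinx firmware driver path).
XILINX_FRAMES = {"do_feature_check_call", "zynqmp_pm_invoke_fn"}
BUG_RE = re.compile(r"BUG: sleeping function called from invalid context at (\S+)")
CTX_RE = re.compile(r"in_atomic\(\): (\d+), irqs_disabled\(\): (\d+)")
STAMP_RE = re.compile(r"^\[\s*\d+\.\d+\]\s*")
FRAME_RE = re.compile(r"^([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")

def find_atomic_sleep_reports(log_text):
    """Return one dict per might_sleep report found in dmesg-style text."""
    reports, cur, in_trace = [], None, False
    for raw in log_text.splitlines():
        line = STAMP_RE.sub("", raw.strip())  # drop the "[ 6.691371]" prefix
        bug = BUG_RE.search(line)
        if bug:  # a new report starts here
            cur = {"site": bug.group(1), "in_atomic": None,
                   "irqs_disabled": None, "frames": []}
            reports.append(cur)
            in_trace = False
        elif cur is None:
            continue  # text before the first report
        elif CTX_RE.search(line):
            ctx = CTX_RE.search(line)
            cur["in_atomic"], cur["irqs_disabled"] = int(ctx.group(1)), int(ctx.group(2))
        elif line.startswith("Call trace:"):
            in_trace = True
        elif in_trace and FRAME_RE.match(line):
            cur["frames"].append(FRAME_RE.match(line).group(1))
        else:
            in_trace = False  # any non-frame line ends the trace
    for r in reports:
        r["xilinx_firmware_path"] = bool(XILINX_FRAMES & set(r["frames"]))
    return reports

# Constructed sample: excerpt of the advisory's log plus an unrelated, made-up report.
SAMPLE_LOG = """\
[    6.691371] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209
[    6.694602] in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 1, name: swapper/0
[    6.772179] Call trace:
[    6.795655]  kmem_cache_alloc_trace+0x270/0x3d0
[    6.800127]  do_feature_check_call+0x100/0x220
[    6.804513]  zynqmp_pm_invoke_fn+0x8c/0xb0
[   42.000001] BUG: sleeping function called from invalid context at example/file.c:1
[   42.000002] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 77, name: example
[   42.000003] Call trace:
[   42.000004]  example_driver_irq+0x10/0x40
"""
```

Reports with xilinx_firmware_path set match the trace in this advisory; other reports point to a different atomic-context bug and need separate triage.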
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-05-02T15:51:43.552Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9821c4522896dcbdd996
Added to database: 5/21/2025, 9:08:49 AM
Last enriched: 6/28/2025, 2:10:45 AM
Last updated: 8/10/2025, 12:28:41 PM