GHSA-449W-38PP-J3QP

Vulnerability from github – Published: 2025-10-04 18:31 – Updated: 2026-02-12 18:30
VLAI?
Details

In the Linux kernel, the following vulnerability has been resolved:

rcu-tasks: Avoid pr_info() with spin lock in cblist_init_generic()

pr_info() is called with rtp->cbs_gbl_lock spin lock locked. Because pr_info() calls printk() that might sleep, this will result in BUG like below:

[ 0.206455] cblist_init_generic: Setting adjustable number of callback queues. [ 0.206463] [ 0.206464] ============================= [ 0.206464] [ BUG: Invalid wait context ] [ 0.206465] 5.19.0-00428-g9de1f9c8ca51 #5 Not tainted [ 0.206466] ----------------------------- [ 0.206466] swapper/0/1 is trying to lock: [ 0.206467] ffffffffa0167a58 (&port_lock_key){....}-{3:3}, at: serial8250_console_write+0x327/0x4a0 [ 0.206473] other info that might help us debug this: [ 0.206473] context-{5:5} [ 0.206474] 3 locks held by swapper/0/1: [ 0.206474] #0: ffffffff9eb597e0 (rcu_tasks.cbs_gbl_lock){....}-{2:2}, at: cblist_init_generic.constprop.0+0x14/0x1f0 [ 0.206478] #1: ffffffff9eb579c0 (console_lock){+.+.}-{0:0}, at: _printk+0x63/0x7e [ 0.206482] #2: ffffffff9ea77780 (console_owner){....}-{0:0}, at: console_emit_next_record.constprop.0+0x111/0x330 [ 0.206485] stack backtrace: [ 0.206486] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-00428-g9de1f9c8ca51 #5 [ 0.206488] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-1.fc36 04/01/2014 [ 0.206489] Call Trace: [ 0.206490] [ 0.206491] dump_stack_lvl+0x6a/0x9f [ 0.206493] __lock_acquire.cold+0x2d7/0x2fe [ 0.206496] ? stack_trace_save+0x46/0x70 [ 0.206497] lock_acquire+0xd1/0x2f0 [ 0.206499] ? serial8250_console_write+0x327/0x4a0 [ 0.206500] ? __lock_acquire+0x5c7/0x2720 [ 0.206502] _raw_spin_lock_irqsave+0x3d/0x90 [ 0.206504] ? serial8250_console_write+0x327/0x4a0 [ 0.206506] serial8250_console_write+0x327/0x4a0 [ 0.206508] console_emit_next_record.constprop.0+0x180/0x330 [ 0.206511] console_unlock+0xf7/0x1f0 [ 0.206512] vprintk_emit+0xf7/0x330 [ 0.206514] _printk+0x63/0x7e [ 0.206516] cblist_init_generic.constprop.0.cold+0x24/0x32 [ 0.206518] rcu_init_tasks_generic+0x5/0xd9 [ 0.206522] kernel_init_freeable+0x15b/0x2a2 [ 0.206523] ? rest_init+0x160/0x160 [ 0.206526] kernel_init+0x11/0x120 [ 0.206527] ret_from_fork+0x1f/0x30 [ 0.206530] [ 0.207018] cblist_init_generic: Setting shift to 1 and lim to 1.

This patch moves pr_info() so that it is called without rtp->cbs_gbl_lock locked.

Severity ?
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Show details on source website
To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2023-53558"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-04T16:15:51Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu-tasks: Avoid pr_info() with spin lock in cblist_init_generic()\n\npr_info() is called with rtp-\u003ecbs_gbl_lock spin lock locked.  Because\npr_info() calls printk() that might sleep, this will result in BUG\nlike below:\n\n[    0.206455] cblist_init_generic: Setting adjustable number of callback queues.\n[    0.206463]\n[    0.206464] =============================\n[    0.206464] [ BUG: Invalid wait context ]\n[    0.206465] 5.19.0-00428-g9de1f9c8ca51 #5 Not tainted\n[    0.206466] -----------------------------\n[    0.206466] swapper/0/1 is trying to lock:\n[    0.206467] ffffffffa0167a58 (\u0026port_lock_key){....}-{3:3}, at: serial8250_console_write+0x327/0x4a0\n[    0.206473] other info that might help us debug this:\n[    0.206473] context-{5:5}\n[    0.206474] 3 locks held by swapper/0/1:\n[    0.206474]  #0: ffffffff9eb597e0 (rcu_tasks.cbs_gbl_lock){....}-{2:2}, at: cblist_init_generic.constprop.0+0x14/0x1f0\n[    0.206478]  #1: ffffffff9eb579c0 (console_lock){+.+.}-{0:0}, at: _printk+0x63/0x7e\n[    0.206482]  #2: ffffffff9ea77780 (console_owner){....}-{0:0}, at: console_emit_next_record.constprop.0+0x111/0x330\n[    0.206485] stack backtrace:\n[    0.206486] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-00428-g9de1f9c8ca51 #5\n[    0.206488] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-1.fc36 04/01/2014\n[    0.206489] Call Trace:\n[    0.206490]  \u003cTASK\u003e\n[    0.206491]  dump_stack_lvl+0x6a/0x9f\n[    0.206493]  __lock_acquire.cold+0x2d7/0x2fe\n[    0.206496]  ? stack_trace_save+0x46/0x70\n[    0.206497]  lock_acquire+0xd1/0x2f0\n[    0.206499]  ? serial8250_console_write+0x327/0x4a0\n[    0.206500]  ? __lock_acquire+0x5c7/0x2720\n[    0.206502]  _raw_spin_lock_irqsave+0x3d/0x90\n[    0.206504]  ? serial8250_console_write+0x327/0x4a0\n[    0.206506]  serial8250_console_write+0x327/0x4a0\n[    0.206508]  console_emit_next_record.constprop.0+0x180/0x330\n[    0.206511]  console_unlock+0xf7/0x1f0\n[    0.206512]  vprintk_emit+0xf7/0x330\n[    0.206514]  _printk+0x63/0x7e\n[    0.206516]  cblist_init_generic.constprop.0.cold+0x24/0x32\n[    0.206518]  rcu_init_tasks_generic+0x5/0xd9\n[    0.206522]  kernel_init_freeable+0x15b/0x2a2\n[    0.206523]  ? rest_init+0x160/0x160\n[    0.206526]  kernel_init+0x11/0x120\n[    0.206527]  ret_from_fork+0x1f/0x30\n[    0.206530]  \u003c/TASK\u003e\n[    0.207018] cblist_init_generic: Setting shift to 1 and lim to 1.\n\nThis patch moves pr_info() so that it is called without\nrtp-\u003ecbs_gbl_lock locked.",
  "id": "GHSA-449w-38pp-j3qp",
  "modified": "2026-02-12T18:30:18Z",
  "published": "2025-10-04T18:31:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53558"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5fc8cbe4cf0fd34ded8045c385790c3bf04f6785"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9027d69221ff96e1356f070f7feb2ff989ae7388"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ea9b81c7d9104040b46a84d2303045de267f5557"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.