{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-53135", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-05-02T15:51:43.561Z", "datePublished": "2025-05-02T15:56:08.287Z", "dateUpdated": "2026-05-11T19:39:08.528Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T19:39:08.528Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode\n\nWhen CONFIG_FRAME_POINTER is unset, the stack unwinding function\nwalk_stackframe randomly reads the stack and then, when KASAN is enabled,\nit can lead to the following backtrace:\n\n[ 0.000000] ==================================================================\n[ 0.000000] BUG: KASAN: stack-out-of-bounds in walk_stackframe+0xa6/0x11a\n[ 0.000000] Read of size 8 at addr ffffffff81807c40 by task swapper/0\n[ 0.000000]\n[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 6.2.0-12919-g24203e6db61f #43\n[ 0.000000] Hardware name: riscv-virtio,qemu (DT)\n[ 0.000000] Call Trace:\n[ 0.000000] [<ffffffff80007ba8>] walk_stackframe+0x0/0x11a\n[ 0.000000] [<ffffffff80099ecc>] init_param_lock+0x26/0x2a\n[ 0.000000] [<ffffffff80007c4a>] walk_stackframe+0xa2/0x11a\n[ 0.000000] [<ffffffff80c49c80>] dump_stack_lvl+0x22/0x36\n[ 0.000000] [<ffffffff80c3783e>] print_report+0x198/0x4a8\n[ 0.000000] [<ffffffff80099ecc>] init_param_lock+0x26/0x2a\n[ 0.000000] [<ffffffff80007c4a>] walk_stackframe+0xa2/0x11a\n[ 0.000000] [<ffffffff8015f68a>] kasan_report+0x9a/0xc8\n[ 0.000000] [<ffffffff80007c4a>] walk_stackframe+0xa2/0x11a\n[ 0.000000] [<ffffffff80007c4a>] walk_stackframe+0xa2/0x11a\n[ 0.000000] [<ffffffff8006e99c>] desc_make_final+0x80/0x84\n[ 0.000000] [<ffffffff8009a04e>] stack_trace_save+0x88/0xa6\n[ 0.000000] [<ffffffff80099fc2>] filter_irq_stacks+0x72/0x76\n[ 0.000000] [<ffffffff8006b95e>] devkmsg_read+0x32a/0x32e\n[ 0.000000] [<ffffffff8015ec16>] kasan_save_stack+0x28/0x52\n[ 0.000000] [<ffffffff8006e998>] desc_make_final+0x7c/0x84\n[ 0.000000] [<ffffffff8009a04a>] stack_trace_save+0x84/0xa6\n[ 0.000000] [<ffffffff8015ec52>] kasan_set_track+0x12/0x20\n[ 0.000000] [<ffffffff8015f22e>] __kasan_slab_alloc+0x58/0x5e\n[ 0.000000] [<ffffffff8015e7ea>] __kmem_cache_create+0x21e/0x39a\n[ 0.000000] [<ffffffff80e133ac>] create_boot_cache+0x70/0x9c\n[ 0.000000] [<ffffffff80e17ab2>] kmem_cache_init+0x6c/0x11e\n[ 0.000000] [<ffffffff80e00fd6>] mm_init+0xd8/0xfe\n[ 0.000000] [<ffffffff80e011d8>] start_kernel+0x190/0x3ca\n[ 0.000000]\n[ 0.000000] The buggy address belongs to stack of task swapper/0\n[ 0.000000] and is located at offset 0 in frame:\n[ 0.000000] stack_trace_save+0x0/0xa6\n[ 0.000000]\n[ 0.000000] This frame has 1 object:\n[ 0.000000] [32, 56) 'c'\n[ 0.000000]\n[ 0.000000] The buggy address belongs to the physical page:\n[ 0.000000] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x81a07\n[ 0.000000] flags: 0x1000(reserved|zone=0)\n[ 0.000000] raw: 0000000000001000 ff600003f1e3d150 ff600003f1e3d150 0000000000000000\n[ 0.000000] raw: 0000000000000000 0000000000000000 00000001ffffffff\n[ 0.000000] page dumped because: kasan: bad access detected\n[ 0.000000]\n[ 0.000000] Memory state around the buggy address:\n[ 0.000000] ffffffff81807b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 0.000000] ffffffff81807b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 0.000000] >ffffffff81807c00: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 f3\n[ 0.000000] ^\n[ 0.000000] ffffffff81807c80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00\n[ 0.000000] ffffffff81807d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 0.000000] ==================================================================\n\nFix that by using READ_ONCE_NOCHECK when reading the stack in imprecise\nmode."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/riscv/kernel/stacktrace.c"], "versions": [{"version": "5d8544e2d0075a5f3c9a2cf27152354d54360da1", "lessThan": "a99a61d9e1bfca2fc37d223a6a185c0eb66aba02", "status": "affected", "versionType": "git"}, {"version": "5d8544e2d0075a5f3c9a2cf27152354d54360da1", "lessThan": "3de277af481ab931fab9e295ad8762692920732a", "status": "affected", "versionType": "git"}, {"version": "5d8544e2d0075a5f3c9a2cf27152354d54360da1", "lessThan": "3a9418d2c93c1c86ce4d0595112d91c7a8e70c2c", "status": "affected", "versionType": "git"}, {"version": "5d8544e2d0075a5f3c9a2cf27152354d54360da1", "lessThan": "324912d6c0c4006711054d389faa2239c1655e1e", "status": "affected", "versionType": "git"}, {"version": "5d8544e2d0075a5f3c9a2cf27152354d54360da1", "lessThan": "17fa90ffba20743c946920fbb0afe160d0ead8c9", "status": "affected", "versionType": "git"}, {"version": "5d8544e2d0075a5f3c9a2cf27152354d54360da1", "lessThan": "76950340cf03b149412fe0d5f0810e52ac1df8cb", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/riscv/kernel/stacktrace.c"], "versions": [{"version": "4.15", "status": "affected"}, {"version": "0", "lessThan": "4.15", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.237", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.175", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.103", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.20", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2.7", "lessThanOrEqual": "6.2.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "5.4.237"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "5.10.175"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "5.15.103"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "6.1.20"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "6.2.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "6.3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/a99a61d9e1bfca2fc37d223a6a185c0eb66aba02"}, {"url": "https://git.kernel.org/stable/c/3de277af481ab931fab9e295ad8762692920732a"}, {"url": "https://git.kernel.org/stable/c/3a9418d2c93c1c86ce4d0595112d91c7a8e70c2c"}, {"url": "https://git.kernel.org/stable/c/324912d6c0c4006711054d389faa2239c1655e1e"}, {"url": "https://git.kernel.org/stable/c/17fa90ffba20743c946920fbb0afe160d0ead8c9"}, {"url": "https://git.kernel.org/stable/c/76950340cf03b149412fe0d5f0810e52ac1df8cb"}], "title": "riscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C307F17-DB4B-4969-90E7-0C6FD7266396", "versionEndExcluding": "5.4.237", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BEA15466-227B-46FF-B5A8-1E8679056A83", "versionEndExcluding": "5.10.175", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A57CCEF-C453-48CE-9A6E-71A03C369F61", "versionEndExcluding": "5.15.103", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B22D8949-72A1-4CED-8318-A040635DEEBE", "versionEndExcluding": "6.1.20", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EFEDDF17-189C-4901-BD6B-41752E80AAA4", "versionEndExcluding": "6.2.7", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "B8E3B0E8-FA27-4305-87BB-AF6C25B160CB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode\n\nWhen CONFIG_FRAME_POINTER is unset, the stack unwinding function\nwalk_stackframe randomly reads the stack and then, when KASAN is enabled,\nit can lead to the following backtrace:\n\n[ 0.000000] ==================================================================\n[ 0.000000] BUG: KASAN: stack-out-of-bounds in walk_stackframe+0xa6/0x11a\n[ 0.000000] Read of size 8 at addr ffffffff81807c40 by task swapper/0\n[ 0.000000]\n[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 6.2.0-12919-g24203e6db61f #43\n[ 0.000000] Hardware name: riscv-virtio,qemu (DT)\n[ 0.000000] Call Trace:\n[ 0.000000] [<ffffffff80007ba8>] walk_stackframe+0x0/0x11a\n[ 0.000000] [<ffffffff80099ecc>] init_param_lock+0x26/0x2a\n[ 0.000000] [<ffffffff80007c4a>] walk_stackframe+0xa2/0x11a\n[ 0.000000] [<ffffffff80c49c80>] dump_stack_lvl+0x22/0x36\n[ 0.000000] [<ffffffff80c3783e>] print_report+0x198/0x4a8\n[ 0.000000] [<ffffffff80099ecc>] init_param_lock+0x26/0x2a\n[ 0.000000] [<ffffffff80007c4a>] walk_stackframe+0xa2/0x11a\n[ 0.000000] [<ffffffff8015f68a>] kasan_report+0x9a/0xc8\n[ 0.000000] [<ffffffff80007c4a>] walk_stackframe+0xa2/0x11a\n[ 0.000000] [<ffffffff80007c4a>] walk_stackframe+0xa2/0x11a\n[ 0.000000] [<ffffffff8006e99c>] desc_make_final+0x80/0x84\n[ 0.000000] [<ffffffff8009a04e>] stack_trace_save+0x88/0xa6\n[ 0.000000] [<ffffffff80099fc2>] filter_irq_stacks+0x72/0x76\n[ 0.000000] [<ffffffff8006b95e>] devkmsg_read+0x32a/0x32e\n[ 0.000000] [<ffffffff8015ec16>] kasan_save_stack+0x28/0x52\n[ 0.000000] [<ffffffff8006e998>] desc_make_final+0x7c/0x84\n[ 0.000000] [<ffffffff8009a04a>] stack_trace_save+0x84/0xa6\n[ 0.000000] [<ffffffff8015ec52>] kasan_set_track+0x12/0x20\n[ 0.000000] [<ffffffff8015f22e>] __kasan_slab_alloc+0x58/0x5e\n[ 0.000000] [<ffffffff8015e7ea>] __kmem_cache_create+0x21e/0x39a\n[ 0.000000] [<ffffffff80e133ac>] create_boot_cache+0x70/0x9c\n[ 0.000000] [<ffffffff80e17ab2>] kmem_cache_init+0x6c/0x11e\n[ 0.000000] [<ffffffff80e00fd6>] mm_init+0xd8/0xfe\n[ 0.000000] [<ffffffff80e011d8>] start_kernel+0x190/0x3ca\n[ 0.000000]\n[ 0.000000] The buggy address belongs to stack of task swapper/0\n[ 0.000000] and is located at offset 0 in frame:\n[ 0.000000] stack_trace_save+0x0/0xa6\n[ 0.000000]\n[ 0.000000] This frame has 1 object:\n[ 0.000000] [32, 56) 'c'\n[ 0.000000]\n[ 0.000000] The buggy address belongs to the physical page:\n[ 0.000000] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x81a07\n[ 0.000000] flags: 0x1000(reserved|zone=0)\n[ 0.000000] raw: 0000000000001000 ff600003f1e3d150 ff600003f1e3d150 0000000000000000\n[ 0.000000] raw: 0000000000000000 0000000000000000 00000001ffffffff\n[ 0.000000] page dumped because: kasan: bad access detected\n[ 0.000000]\n[ 0.000000] Memory state around the buggy address:\n[ 0.000000] ffffffff81807b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 0.000000] ffffffff81807b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 0.000000] >ffffffff81807c00: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 f3\n[ 0.000000] ^\n[ 0.000000] ffffffff81807c80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00\n[ 0.000000] ffffffff81807d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 0.000000] ==================================================================\n\nFix that by using READ_ONCE_NOCHECK when reading the stack in imprecise\nmode."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: riscv: Usar READ_ONCE_NOCHECK en modo de desenrollado de pila impreciso Cuando no se establece CONFIG_FRAME_POINTER, la funci\u00f3n de desenrollado de pila walk_stackframe lee la pila aleatoriamente y luego, cuando KASAN est\u00e1 habilitado, puede llevar al siguiente backtrace: [ 0.000000] ===================================================================== [ 0.000000] ERROR: KASAN: pila fuera de los l\u00edmites en walk_stackframe+0xa6/0x11a [ 0.000000] Lectura de tama\u00f1o 8 en la direcci\u00f3n ffffffff81807c40 por tarea swapper/0 [ 0.000000] [ 0.000000] CPU: 0 PID: 0 Comm: swapper No contaminado 6.2.0-12919-g24203e6db61f #43 [ 0.000000] Nombre del hardware: riscv-virtio,qemu (DT) [ 0.000000] Rastreo de llamadas: [ 0.000000] [] walk_stackframe+0x0/0x11a [ 0.000000] [] init_param_lock+0x26/0x2a [ 0.000000] [] walk_stackframe+0xa2/0x11a [ 0.000000] [] dump_stack_lvl+0x22/0x36 [ 0.000000] [] print_report+0x198/0x4a8 [ 0.000000] [] init_param_lock+0x26/0x2a [ 0.000000] [] walk_stackframe+0xa2/0x11a [ 0.000000] [] kasan_report+0x9a/0xc8 [ 0.000000] [] walk_stackframe+0xa2/0x11a [ 0.000000] [] walk_stackframe+0xa2/0x11a [ 0.000000] [] desc_make_final+0x80/0x84 [ 0.000000] [] stack_trace_save+0x88/0xa6 [ 0.000000] [] filter_irq_stacks+0x72/0x76 [ 0.000000] [] devkmsg_read+0x32a/0x32e [ 0.000000] [] kasan_save_stack+0x28/0x52 [ 0.000000] [] desc_make_final+0x7c/0x84 [ 0.000000] [] stack_trace_save+0x84/0xa6 [ 0.000000] [] kasan_set_track+0x12/0x20 [ 0.000000] [] __kasan_slab_alloc+0x58/0x5e [ 0.000000] [] __kmem_cache_create+0x21e/0x39a [ 0.000000] [] create_boot_cache+0x70/0x9c [ 0.000000] [] kmem_cache_init+0x6c/0x11e [ 0.000000] [] mm_init+0xd8/0xfe [ 0.000000] [] start_kernel+0x190/0x3ca [ 0.000000] [ 0.000000] The buggy address belongs to stack of task swapper/0 [ 0.000000] and is located at offset 0 in frame: [ 0.000000] stack_trace_save+0x0/0xa6 [ 0.000000] [ 0.000000] This frame has 1 object: [ 0.000000] [32, 56) 'c' [ 0.000000] [ 0.000000] The buggy address belongs to the physical page: [ 0.000000] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x81a07 [ 0.000000] flags: 0x1000(reserved|zone=0) [ 0.000000] raw: 0000000000001000 ff600003f1e3d150 ff600003f1e3d150 0000000000000000 [ 0.000000] raw: 0000000000000000 0000000000000000 00000001ffffffff [ 0.000000] page dumped because: kasan: bad access detected [ 0.000000] [ 0.000000] Memory state around the buggy address: [ 0.000000] ffffffff81807b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 0.000000] ffffffff81807b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 0.000000] &gt;ffffffff81807c00: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 f3 [ 0.000000] ^ [ 0.000000] ffffffff81807c80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 [ 0.000000] ffffffff81807d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 0.000000] ================================================================== Solucione esto usando READ_ONCE_NOCHECK al leer la pila en modo impreciso."}], "id": "CVE-2023-53135", "lastModified": "2025-11-10T17:39:31.467", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-05-02T16:15:32.447", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/17fa90ffba20743c946920fbb0afe160d0ead8c9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/324912d6c0c4006711054d389faa2239c1655e1e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3a9418d2c93c1c86ce4d0595112d91c7a8e70c2c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3de277af481ab931fab9e295ad8762692920732a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/76950340cf03b149412fe0d5f0810e52ac1df8cb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a99a61d9e1bfca2fc37d223a6a185c0eb66aba02"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: riscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode", "id": "2363731", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363731"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nriscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode\nWhen CONFIG_FRAME_POINTER is unset, the stack unwinding function\nwalk_stackframe randomly reads the stack and then, when KASAN is enabled,\nit can lead to the following backtrace:\n[ 0.000000] ==================================================================\n[ 0.000000] BUG: KASAN: stack-out-of-bounds in walk_stackframe+0xa6/0x11a\n[ 0.000000] Read of size 8 at addr ffffffff81807c40 by task swapper/0\n[ 0.000000]\n[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 6.2.0-12919-g24203e6db61f #43\n[ 0.000000] Hardware name: riscv-virtio,qemu (DT)\n[ 0.000000] Call Trace:\n[ 0.000000] [<ffffffff80007ba8>] walk_stackframe+0x0/0x11a\n[ 0.000000] [<ffffffff80099ecc>] init_param_lock+0x26/0x2a\n[ 0.000000] [<ffffffff80007c4a>] walk_stackframe+0xa2/0x11a\n[ 0.000000] [<ffffffff80c49c80>] dump_stack_lvl+0x22/0x36\n[ 0.000000] [<ffffffff80c3783e>] print_report+0x198/0x4a8\n[ 0.000000] [<ffffffff80099ecc>] init_param_lock+0x26/0x2a\n[ 0.000000] [<ffffffff80007c4a>] walk_stackframe+0xa2/0x11a\n[ 0.000000] [<ffffffff8015f68a>] kasan_report+0x9a/0xc8\n[ 0.000000] [<ffffffff80007c4a>] walk_stackframe+0xa2/0x11a\n[ 0.000000] [<ffffffff80007c4a>] walk_stackframe+0xa2/0x11a\n[ 0.000000] [<ffffffff8006e99c>] desc_make_final+0x80/0x84\n[ 0.000000] [<ffffffff8009a04e>] stack_trace_save+0x88/0xa6\n[ 0.000000] [<ffffffff80099fc2>] filter_irq_stacks+0x72/0x76\n[ 0.000000] [<ffffffff8006b95e>] devkmsg_read+0x32a/0x32e\n[ 0.000000] [<ffffffff8015ec16>] kasan_save_stack+0x28/0x52\n[ 0.000000] [<ffffffff8006e998>] desc_make_final+0x7c/0x84\n[ 0.000000] [<ffffffff8009a04a>] stack_trace_save+0x84/0xa6\n[ 0.000000] [<ffffffff8015ec52>] kasan_set_track+0x12/0x20\n[ 0.000000] [<ffffffff8015f22e>] __kasan_slab_alloc+0x58/0x5e\n[ 0.000000] [<ffffffff8015e7ea>] __kmem_cache_create+0x21e/0x39a\n[ 0.000000] [<ffffffff80e133ac>] create_boot_cache+0x70/0x9c\n[ 0.000000] [<ffffffff80e17ab2>] kmem_cache_init+0x6c/0x11e\n[ 0.000000] [<ffffffff80e00fd6>] mm_init+0xd8/0xfe\n[ 0.000000] [<ffffffff80e011d8>] start_kernel+0x190/0x3ca\n[ 0.000000]\n[ 0.000000] The buggy address belongs to stack of task swapper/0\n[ 0.000000] and is located at offset 0 in frame:\n[ 0.000000] stack_trace_save+0x0/0xa6\n[ 0.000000]\n[ 0.000000] This frame has 1 object:\n[ 0.000000] [32, 56) 'c'\n[ 0.000000]\n[ 0.000000] The buggy address belongs to the physical page:\n[ 0.000000] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x81a07\n[ 0.000000] flags: 0x1000(reserved|zone=0)\n[ 0.000000] raw: 0000000000001000 ff600003f1e3d150 ff600003f1e3d150 0000000000000000\n[ 0.000000] raw: 0000000000000000 0000000000000000 00000001ffffffff\n[ 0.000000] page dumped because: kasan: bad access detected\n[ 0.000000]\n[ 0.000000] Memory state around the buggy address:\n[ 0.000000] ffffffff81807b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 0.000000] ffffffff81807b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 0.000000] >ffffffff81807c00: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 f3\n[ 0.000000] ^\n[ 0.000000] ffffffff81807c80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00\n[ 0.000000] ffffffff81807d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 0.000000] ==================================================================\nFix that by using READ_ONCE_NOCHECK when reading the stack in imprecise\nmode."], "name": "CVE-2023-53135", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-05-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-53135\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53135\nhttps://lore.kernel.org/linux-cve-announce/2025050236-CVE-2023-53135-3c65@gregkh/T"], "threat_severity": "Low"}

{"created": "2025-07-13T11:31:16.640718+00:00", "updated": "2025-07-13T11:31:16.640800+00:00", "vendors": ["linux", "linux$PRODUCT$linux"]}