{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-53135","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-05-02T15:51:43.561Z","datePublished":"2025-05-02T15:56:08.287Z","dateUpdated":"2026-05-11T19:39:08.528Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:39:08.528Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode\n\nWhen CONFIG_FRAME_POINTER is unset, the stack unwinding function\nwalk_stackframe randomly reads the stack and then, when KASAN is enabled,\nit can lead to the following backtrace:\n\n[    0.000000] ==================================================================\n[    0.000000] BUG: KASAN: stack-out-of-bounds in walk_stackframe+0xa6/0x11a\n[    0.000000] Read of size 8 at addr ffffffff81807c40 by task swapper/0\n[    0.000000]\n[    0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 6.2.0-12919-g24203e6db61f #43\n[    0.000000] Hardware name: riscv-virtio,qemu (DT)\n[    0.000000] Call Trace:\n[    0.000000] [<ffffffff80007ba8>] walk_stackframe+0x0/0x11a\n[    0.000000] [<ffffffff80099ecc>] init_param_lock+0x26/0x2a\n[    0.000000] [<ffffffff80007c4a>] walk_stackframe+0xa2/0x11a\n[    0.000000] [<ffffffff80c49c80>] dump_stack_lvl+0x22/0x36\n[    0.000000] [<ffffffff80c3783e>] print_report+0x198/0x4a8\n[    0.000000] [<ffffffff80099ecc>] init_param_lock+0x26/0x2a\n[    0.000000] [<ffffffff80007c4a>] walk_stackframe+0xa2/0x11a\n[    0.000000] [<ffffffff8015f68a>] kasan_report+0x9a/0xc8\n[    0.000000] [<ffffffff80007c4a>] walk_stackframe+0xa2/0x11a\n[    0.000000] [<ffffffff80007c4a>] walk_stackframe+0xa2/0x11a\n[    0.000000] [<ffffffff8006e99c>] desc_make_final+0x80/0x84\n[    0.000000] [<ffffffff8009a04e>] stack_trace_save+0x88/0xa6\n[    0.000000] [<ffffffff80099fc2>] filter_irq_stacks+0x72/0x76\n[    0.000000] [<ffffffff8006b95e>] devkmsg_read+0x32a/0x32e\n[    0.000000] [<ffffffff8015ec16>] kasan_save_stack+0x28/0x52\n[    0.000000] [<ffffffff8006e998>] desc_make_final+0x7c/0x84\n[    0.000000] [<ffffffff8009a04a>] stack_trace_save+0x84/0xa6\n[    0.000000] [<ffffffff8015ec52>] kasan_set_track+0x12/0x20\n[    0.000000] [<ffffffff8015f22e>] __kasan_slab_alloc+0x58/0x5e\n[    0.000000] [<ffffffff8015e7ea>] __kmem_cache_create+0x21e/0x39a\n[    0.000000] [<ffffffff80e133ac>] create_boot_cache+0x70/0x9c\n[    0.000000] [<ffffffff80e17ab2>] kmem_cache_init+0x6c/0x11e\n[    0.000000] [<ffffffff80e00fd6>] mm_init+0xd8/0xfe\n[    0.000000] [<ffffffff80e011d8>] start_kernel+0x190/0x3ca\n[    0.000000]\n[    0.000000] The buggy address belongs to stack of task swapper/0\n[    0.000000]  and is located at offset 0 in frame:\n[    0.000000]  stack_trace_save+0x0/0xa6\n[    0.000000]\n[    0.000000] This frame has 1 object:\n[    0.000000]  [32, 56) 'c'\n[    0.000000]\n[    0.000000] The buggy address belongs to the physical page:\n[    0.000000] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x81a07\n[    0.000000] flags: 0x1000(reserved|zone=0)\n[    0.000000] raw: 0000000000001000 ff600003f1e3d150 ff600003f1e3d150 0000000000000000\n[    0.000000] raw: 0000000000000000 0000000000000000 00000001ffffffff\n[    0.000000] page dumped because: kasan: bad access detected\n[    0.000000]\n[    0.000000] Memory state around the buggy address:\n[    0.000000]  ffffffff81807b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[    0.000000]  ffffffff81807b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[    0.000000] >ffffffff81807c00: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 f3\n[    0.000000]                                            ^\n[    0.000000]  ffffffff81807c80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00\n[    0.000000]  ffffffff81807d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[    0.000000] ==================================================================\n\nFix that by using READ_ONCE_NOCHECK when reading the stack in imprecise\nmode."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/riscv/kernel/stacktrace.c"],"versions":[{"version":"5d8544e2d0075a5f3c9a2cf27152354d54360da1","lessThan":"a99a61d9e1bfca2fc37d223a6a185c0eb66aba02","status":"affected","versionType":"git"},{"version":"5d8544e2d0075a5f3c9a2cf27152354d54360da1","lessThan":"3de277af481ab931fab9e295ad8762692920732a","status":"affected","versionType":"git"},{"version":"5d8544e2d0075a5f3c9a2cf27152354d54360da1","lessThan":"3a9418d2c93c1c86ce4d0595112d91c7a8e70c2c","status":"affected","versionType":"git"},{"version":"5d8544e2d0075a5f3c9a2cf27152354d54360da1","lessThan":"324912d6c0c4006711054d389faa2239c1655e1e","status":"affected","versionType":"git"},{"version":"5d8544e2d0075a5f3c9a2cf27152354d54360da1","lessThan":"17fa90ffba20743c946920fbb0afe160d0ead8c9","status":"affected","versionType":"git"},{"version":"5d8544e2d0075a5f3c9a2cf27152354d54360da1","lessThan":"76950340cf03b149412fe0d5f0810e52ac1df8cb","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/riscv/kernel/stacktrace.c"],"versions":[{"version":"4.15","status":"affected"},{"version":"0","lessThan":"4.15","status":"unaffected","versionType":"semver"},{"version":"5.4.237","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.175","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.103","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.20","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.2.7","lessThanOrEqual":"6.2.*","status":"unaffected","versionType":"semver"},{"version":"6.3","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"5.4.237"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"5.10.175"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"5.15.103"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"6.1.20"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"6.2.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"6.3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/a99a61d9e1bfca2fc37d223a6a185c0eb66aba02"},{"url":"https://git.kernel.org/stable/c/3de277af481ab931fab9e295ad8762692920732a"},{"url":"https://git.kernel.org/stable/c/3a9418d2c93c1c86ce4d0595112d91c7a8e70c2c"},{"url":"https://git.kernel.org/stable/c/324912d6c0c4006711054d389faa2239c1655e1e"},{"url":"https://git.kernel.org/stable/c/17fa90ffba20743c946920fbb0afe160d0ead8c9"},{"url":"https://git.kernel.org/stable/c/76950340cf03b149412fe0d5f0810e52ac1df8cb"}],"title":"riscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode","x_generator":{"engine":"bippy-1.2.0"}}}}