{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-53169","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-09-15T13:59:19.063Z","datePublished":"2025-09-15T14:04:02.395Z","dateUpdated":"2026-05-11T19:39:36.360Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:39:36.360Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nx86/resctrl: Clear staged_config[] before and after it is used\n\nAs a temporary storage, staged_config[] in rdt_domain should be cleared\nbefore and after it is used. The stale value in staged_config[] could\ncause an MSR access error.\n\nHere is a reproducer on a system with 16 usable CLOSIDs for a 15-way L3\nCache (MBA should be disabled if the number of CLOSIDs for MB is less than\n16.) :\n\tmount -t resctrl resctrl -o cdp /sys/fs/resctrl\n\tmkdir /sys/fs/resctrl/p{1..7}\n\tumount /sys/fs/resctrl/\n\tmount -t resctrl resctrl /sys/fs/resctrl\n\tmkdir /sys/fs/resctrl/p{1..8}\n\nAn error occurs when creating resource group named p8:\n    unchecked MSR access error: WRMSR to 0xca0 (tried to write 0x00000000000007ff) at rIP: 0xffffffff82249142 (cat_wrmsr+0x32/0x60)\n    Call Trace:\n     <IRQ>\n     __flush_smp_call_function_queue+0x11d/0x170\n     __sysvec_call_function+0x24/0xd0\n     sysvec_call_function+0x89/0xc0\n     </IRQ>\n     <TASK>\n     asm_sysvec_call_function+0x16/0x20\n\nWhen creating a new resource control group, hardware will be configured\nby the following process:\n    rdtgroup_mkdir()\n      rdtgroup_mkdir_ctrl_mon()\n        rdtgroup_init_alloc()\n          resctrl_arch_update_domains()\n\nresctrl_arch_update_domains() iterates and updates all resctrl_conf_type\nwhose have_new_ctrl is true. Since staged_config[] holds the same values as\nwhen CDP was enabled, it will continue to update the CDP_CODE and CDP_DATA\nconfigurations. When group p8 is created, get_config_index() called in\nresctrl_arch_update_domains() will return 16 and 17 as the CLOSIDs for\nCDP_CODE and CDP_DATA, which will be translated to an invalid register -\n0xca0 in this scenario.\n\nFix it by clearing staged_config[] before and after it is used.\n\n[reinette: re-order commit tags]"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/x86/kernel/cpu/resctrl/ctrlmondata.c","arch/x86/kernel/cpu/resctrl/internal.h","arch/x86/kernel/cpu/resctrl/rdtgroup.c"],"versions":[{"version":"75408e43509ed6207870c0e7e28656acbbc1f7fd","lessThan":"86db319d25db70cf4af4557e05f6fa6f39c70003","status":"affected","versionType":"git"},{"version":"75408e43509ed6207870c0e7e28656acbbc1f7fd","lessThan":"3fc5941ecc31a495b6b84b465f36155009db99b5","status":"affected","versionType":"git"},{"version":"75408e43509ed6207870c0e7e28656acbbc1f7fd","lessThan":"8ecc60ef9318f0d533b866fa421858cc185bccfc","status":"affected","versionType":"git"},{"version":"75408e43509ed6207870c0e7e28656acbbc1f7fd","lessThan":"0424a7dfe9129b93f29b277511a60e87f052ac6b","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/x86/kernel/cpu/resctrl/ctrlmondata.c","arch/x86/kernel/cpu/resctrl/internal.h","arch/x86/kernel/cpu/resctrl/rdtgroup.c"],"versions":[{"version":"5.15","status":"affected"},{"version":"0","lessThan":"5.15","status":"unaffected","versionType":"semver"},{"version":"5.15.104","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.21","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.2.8","lessThanOrEqual":"6.2.*","status":"unaffected","versionType":"semver"},{"version":"6.3","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"5.15.104"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.1.21"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.2.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/86db319d25db70cf4af4557e05f6fa6f39c70003"},{"url":"https://git.kernel.org/stable/c/3fc5941ecc31a495b6b84b465f36155009db99b5"},{"url":"https://git.kernel.org/stable/c/8ecc60ef9318f0d533b866fa421858cc185bccfc"},{"url":"https://git.kernel.org/stable/c/0424a7dfe9129b93f29b277511a60e87f052ac6b"}],"title":"x86/resctrl: Clear staged_config[] before and after it is used","x_generator":{"engine":"bippy-1.2.0"}}}}