{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-53291","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-09-16T08:09:37.992Z","datePublished":"2025-09-16T08:11:23.666Z","dateUpdated":"2026-05-11T19:42:07.259Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:42:07.259Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nrcu/rcuscale: Stop kfree_scale_thread thread(s) after unloading rcuscale\n\nRunning the 'kfree_rcu_test' test case [1] results in a splat [2].\nThe root cause is the kfree_scale_thread thread(s) continue running\nafter unloading the rcuscale module.  This commit fixes that isue by\ninvoking kfree_scale_cleanup() from rcu_scale_cleanup() when removing\nthe rcuscale module.\n\n[1] modprobe rcuscale kfree_rcu_test=1\n    // After some time\n    rmmod rcuscale\n    rmmod torture\n\n[2] BUG: unable to handle page fault for address: ffffffffc0601a87\n    #PF: supervisor instruction fetch in kernel mode\n    #PF: error_code(0x0010) - not-present page\n    PGD 11de4f067 P4D 11de4f067 PUD 11de51067 PMD 112f4d067 PTE 0\n    Oops: 0010 [#1] PREEMPT SMP NOPTI\n    CPU: 1 PID: 1798 Comm: kfree_scale_thr Not tainted 6.3.0-rc1-rcu+ #1\n    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 0.0.0 02/06/2015\n    RIP: 0010:0xffffffffc0601a87\n    Code: Unable to access opcode bytes at 0xffffffffc0601a5d.\n    RSP: 0018:ffffb25bc2e57e18 EFLAGS: 00010297\n    RAX: 0000000000000000 RBX: ffffffffc061f0b6 RCX: 0000000000000000\n    RDX: 0000000000000000 RSI: ffffffff962fd0de RDI: ffffffff962fd0de\n    RBP: ffffb25bc2e57ea8 R08: 0000000000000000 R09: 0000000000000000\n    R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000\n    R13: 0000000000000000 R14: 000000000000000a R15: 00000000001c1dbe\n    FS:  0000000000000000(0000) GS:ffff921fa2200000(0000) knlGS:0000000000000000\n    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n    CR2: ffffffffc0601a5d CR3: 000000011de4c006 CR4: 0000000000370ee0\n    DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n    DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n    Call Trace:\n     <TASK>\n     ? kvfree_call_rcu+0xf0/0x3a0\n     ? kthread+0xf3/0x120\n     ? kthread_complete_and_exit+0x20/0x20\n     ? ret_from_fork+0x1f/0x30\n     </TASK>\n    Modules linked in: rfkill sunrpc ... [last unloaded: torture]\n    CR2: ffffffffc0601a87\n    ---[ end trace 0000000000000000 ]---"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/rcu/rcuscale.c"],"versions":[{"version":"e6e78b004fa7e0ab455d46d27f218bf6ce178a18","lessThan":"604d6a5ff718874904b0fe614878a42b42c0d699","status":"affected","versionType":"git"},{"version":"e6e78b004fa7e0ab455d46d27f218bf6ce178a18","lessThan":"f766d45ab294871a3d588ee76c666852f151cad9","status":"affected","versionType":"git"},{"version":"e6e78b004fa7e0ab455d46d27f218bf6ce178a18","lessThan":"b8a6ba524d41f4da102e65f90498d9a910839621","status":"affected","versionType":"git"},{"version":"e6e78b004fa7e0ab455d46d27f218bf6ce178a18","lessThan":"1dd7547c7610723b2b6afe1a3c4ddb2bde63387c","status":"affected","versionType":"git"},{"version":"e6e78b004fa7e0ab455d46d27f218bf6ce178a18","lessThan":"29b1da4f90fc42c91beb4e400d926194925ad31b","status":"affected","versionType":"git"},{"version":"e6e78b004fa7e0ab455d46d27f218bf6ce178a18","lessThan":"23fc8df26dead16687ae6eb47b0561a4a832e2f6","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/rcu/rcuscale.c"],"versions":[{"version":"5.6","status":"affected"},{"version":"0","lessThan":"5.6","status":"unaffected","versionType":"semver"},{"version":"5.10.188","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.121","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.39","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.3.13","lessThanOrEqual":"6.3.*","status":"unaffected","versionType":"semver"},{"version":"6.4.4","lessThanOrEqual":"6.4.*","status":"unaffected","versionType":"semver"},{"version":"6.5","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"5.10.188"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"5.15.121"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"6.1.39"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"6.3.13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"6.4.4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"6.5"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/604d6a5ff718874904b0fe614878a42b42c0d699"},{"url":"https://git.kernel.org/stable/c/f766d45ab294871a3d588ee76c666852f151cad9"},{"url":"https://git.kernel.org/stable/c/b8a6ba524d41f4da102e65f90498d9a910839621"},{"url":"https://git.kernel.org/stable/c/1dd7547c7610723b2b6afe1a3c4ddb2bde63387c"},{"url":"https://git.kernel.org/stable/c/29b1da4f90fc42c91beb4e400d926194925ad31b"},{"url":"https://git.kernel.org/stable/c/23fc8df26dead16687ae6eb47b0561a4a832e2f6"}],"title":"rcu/rcuscale: Stop kfree_scale_thread thread(s) after unloading rcuscale","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"id":"CVE-2023-53291","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2026-01-14T18:11:07.607544Z"}}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","description":"CWE-noinfo Not enough information"}]}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-14T18:12:56.096Z"}}]}}