{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-53329","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-09-16T16:08:59.564Z","datePublished":"2025-09-16T16:12:05.196Z","dateUpdated":"2026-05-11T19:42:50.647Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:42:50.647Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nworkqueue: fix data race with the pwq->stats[] increment\n\nKCSAN has discovered a data race in kernel/workqueue.c:2598:\n\n[ 1863.554079] ==================================================================\n[ 1863.554118] BUG: KCSAN: data-race in process_one_work / process_one_work\n\n[ 1863.554142] write to 0xffff963d99d79998 of 8 bytes by task 5394 on cpu 27:\n[ 1863.554154] process_one_work (kernel/workqueue.c:2598)\n[ 1863.554166] worker_thread (./include/linux/list.h:292 kernel/workqueue.c:2752)\n[ 1863.554177] kthread (kernel/kthread.c:389)\n[ 1863.554186] ret_from_fork (arch/x86/kernel/process.c:145)\n[ 1863.554197] ret_from_fork_asm (arch/x86/entry/entry_64.S:312)\n\n[ 1863.554213] read to 0xffff963d99d79998 of 8 bytes by task 5450 on cpu 12:\n[ 1863.554224] process_one_work (kernel/workqueue.c:2598)\n[ 1863.554235] worker_thread (./include/linux/list.h:292 kernel/workqueue.c:2752)\n[ 1863.554247] kthread (kernel/kthread.c:389)\n[ 1863.554255] ret_from_fork (arch/x86/kernel/process.c:145)\n[ 1863.554266] ret_from_fork_asm (arch/x86/entry/entry_64.S:312)\n\n[ 1863.554280] value changed: 0x0000000000001766 -> 0x000000000000176a\n\n[ 1863.554295] Reported by Kernel Concurrency Sanitizer on:\n[ 1863.554303] CPU: 12 PID: 5450 Comm: kworker/u64:1 Tainted: G             L     6.5.0-rc6+ #44\n[ 1863.554314] Hardware name: ASRock X670E PG Lightning/X670E PG Lightning, BIOS 1.21 04/26/2023\n[ 1863.554322] Workqueue: btrfs-endio btrfs_end_bio_work [btrfs]\n[ 1863.554941] ==================================================================\n\n    lockdep_invariant_state(true);\n→   pwq->stats[PWQ_STAT_STARTED]++;\n    trace_workqueue_execute_start(work);\n    worker->current_func(work);\n\nMoving pwq->stats[PWQ_STAT_STARTED]++; before the line\n\n    raw_spin_unlock_irq(&pool->lock);\n\nresolves the data race without performance penalty.\n\nKCSAN detected at least one additional data race:\n\n[  157.834751] ==================================================================\n[  157.834770] BUG: KCSAN: data-race in process_one_work / process_one_work\n\n[  157.834793] write to 0xffff9934453f77a0 of 8 bytes by task 468 on cpu 29:\n[  157.834804] process_one_work (/home/marvin/linux/kernel/linux_torvalds/kernel/workqueue.c:2606)\n[  157.834815] worker_thread (/home/marvin/linux/kernel/linux_torvalds/./include/linux/list.h:292 /home/marvin/linux/kernel/linux_torvalds/kernel/workqueue.c:2752)\n[  157.834826] kthread (/home/marvin/linux/kernel/linux_torvalds/kernel/kthread.c:389)\n[  157.834834] ret_from_fork (/home/marvin/linux/kernel/linux_torvalds/arch/x86/kernel/process.c:145)\n[  157.834845] ret_from_fork_asm (/home/marvin/linux/kernel/linux_torvalds/arch/x86/entry/entry_64.S:312)\n\n[  157.834859] read to 0xffff9934453f77a0 of 8 bytes by task 214 on cpu 7:\n[  157.834868] process_one_work (/home/marvin/linux/kernel/linux_torvalds/kernel/workqueue.c:2606)\n[  157.834879] worker_thread (/home/marvin/linux/kernel/linux_torvalds/./include/linux/list.h:292 /home/marvin/linux/kernel/linux_torvalds/kernel/workqueue.c:2752)\n[  157.834890] kthread (/home/marvin/linux/kernel/linux_torvalds/kernel/kthread.c:389)\n[  157.834897] ret_from_fork (/home/marvin/linux/kernel/linux_torvalds/arch/x86/kernel/process.c:145)\n[  157.834907] ret_from_fork_asm (/home/marvin/linux/kernel/linux_torvalds/arch/x86/entry/entry_64.S:312)\n\n[  157.834920] value changed: 0x000000000000052a -> 0x0000000000000532\n\n[  157.834933] Reported by Kernel Concurrency Sanitizer on:\n[  157.834941] CPU: 7 PID: 214 Comm: kworker/u64:2 Tainted: G             L     6.5.0-rc7-kcsan-00169-g81eaf55a60fc #4\n[  157.834951] Hardware name: ASRock X670E PG Lightning/X670E PG Lightning, BIOS 1.21 04/26/2023\n[  157.834958] Workqueue: btrfs-endio btrfs_end_bio_work [btrfs]\n[  157.835567] ==================================================================\n\nin code:\n\n        trace_workqueue_execute_end(work, worker->current_func);\n→       pwq->stats[PWQ_STAT_COM\n---truncated---"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/workqueue.c"],"versions":[{"version":"725e8ec59c56c65fb92e343c10a8842cd0d4f194","lessThan":"ce55024f28589b0012fa2c6b5748ec5a180b7fbe","status":"affected","versionType":"git"},{"version":"725e8ec59c56c65fb92e343c10a8842cd0d4f194","lessThan":"fe48ba7daefe75bbbefa2426deddc05f2d530d2d","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/workqueue.c"],"versions":[{"version":"6.5","status":"affected"},{"version":"0","lessThan":"6.5","status":"unaffected","versionType":"semver"},{"version":"6.5.3","lessThanOrEqual":"6.5.*","status":"unaffected","versionType":"semver"},{"version":"6.6","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5","versionEndExcluding":"6.5.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5","versionEndExcluding":"6.6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/ce55024f28589b0012fa2c6b5748ec5a180b7fbe"},{"url":"https://git.kernel.org/stable/c/fe48ba7daefe75bbbefa2426deddc05f2d530d2d"}],"title":"workqueue: fix data race with the pwq->stats[] increment","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":4.7,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"HIGH","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"id":"CVE-2023-53329","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2026-01-14T18:29:38.457870Z"}}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-362","description":"CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-14T18:32:59.529Z"}}]}}