In the Linux kernel, the following vulnerability has been resolved: igb: revert rtnl_lock() that causes deadlock The commit 6faee3d4ee8b ("igb: Add lock to avoid data race") adds rtnl_lock to eliminate a false data race shown below (FREE from device detaching) | (USE from netdev core) igb_remove | igb_ndo_get_vf_config igb_disable_sriov | vf >= adapter->vfs_allocated_count? kfree(adapter->vf_data) | adapter->vfs_allocated_count = 0 | | memcpy(... adapter->vf_data[vf] The above race will never happen and the extra rtnl_lock causes deadlock below [ 141.420169] <TASK> [ 141.420672] __schedule+0x2dd/0x840 [ 141.421427] schedule+0x50/0xc0 [ 141.422041] schedule_preempt_disabled+0x11/0x20 [ 141.422678] __mutex_lock.isra.13+0x431/0x6b0 [ 141.423324] unregister_netdev+0xe/0x20 [ 141.423578] igbvf_remove+0x45/0xe0 [igbvf] [ 141.423791] pci_device_remove+0x36/0xb0 [ 141.423990] device_release_driver_internal+0xc1/0x160 [ 141.424270] pci_stop_bus_device+0x6d/0x90 [ 141.424507] pci_stop_and_remove_bus_device+0xe/0x20 [ 141.424789] pci_iov_remove_virtfn+0xba/0x120 [ 141.425452] sriov_disable+0x2f/0xf0 [ 141.425679] igb_disable_sriov+0x4e/0x100 [igb] [ 141.426353] igb_remove+0xa0/0x130 [igb] [ 141.426599] pci_device_remove+0x36/0xb0 [ 141.426796] device_release_driver_internal+0xc1/0x160 [ 141.427060] driver_detach+0x44/0x90 [ 141.427253] bus_remove_driver+0x55/0xe0 [ 141.427477] pci_unregister_driver+0x2a/0xa0 [ 141.428296] __x64_sys_delete_module+0x141/0x2b0 [ 141.429126] ? mntput_no_expire+0x4a/0x240 [ 141.429363] ? syscall_trace_enter.isra.19+0x126/0x1a0 [ 141.429653] do_syscall_64+0x5b/0x80 [ 141.429847] ? exit_to_user_mode_prepare+0x14d/0x1c0 [ 141.430109] ? syscall_exit_to_user_mode+0x12/0x30 [ 141.430849] ? do_syscall_64+0x67/0x80 [ 141.431083] ? syscall_exit_to_user_mode_prepare+0x183/0x1b0 [ 141.431770] ? syscall_exit_to_user_mode+0x12/0x30 [ 141.432482] ? do_syscall_64+0x67/0x80 [ 141.432714] ? exc_page_fault+0x64/0x140 [ 141.432911] entry_SYSCALL_64_after_hwframe+0x72/0xdc Since the igb_disable_sriov() will call pci_disable_sriov() before releasing any resources, the netdev core will synchronize the cleanup to avoid any races. This patch removes the useless rtnl_(un)lock to guarantee correctness.
Conclusion & alert: CVE-2023-53060 is rated Low Risk (22.9/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.12%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.02% | 0.12% | +0.10% |
| 2 | 2025-05-03 | — | 0.02% | — |
Full EPSS history (2 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 5.5 | 3.1 | MEDIUM |
|
1.8 | 3.6 | [email protected] |
| vendor | priority | summary | link |
|---|---|---|---|
debian
|
not yet assigned | CVE-2023-53060 not yet assigned priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. | https://security-tracker.debian.org/tracker/CVE-2023-53060 |
redhat
|
medium | — | https://access.redhat.com/security/cve/CVE-2023-53060 |
suse
|
medium | — | https://www.suse.com/security/cve/CVE-2023-53060/ |
ubuntu
|
medium | CVE-2023-53060 medium priority: Ubuntu including 158 source packages (linux, linux-allwinner-5.19, …), 1551 status rows across 10 suites (bionic, focal, jammy, noble, oracular, plucky, questing, trusty, upstream, xenial): DNE 1145, ignored 147, released 142, not-affected 101, needed 15, needs-triage 1. | https://ubuntu.com/security/CVE-2023-53060 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| linux | linux_kernel | >= 4.14.291, < 4.14.312 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 4.19.256, < 4.19.280 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 5.4.211, < 5.4.240 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 5.10.138, < 5.10.177 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 5.15.63, < 5.15.105 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 5.19.4, < 6.0 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 6.0.1, < 6.1.22 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 6.2, < 6.2.9 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | 6.0 | cpe:2.3:o:linux:linux_kernel:6.0:-:*:*:*:*:*:* |
| linux | linux_kernel | 6.0 | cpe:2.3:o:linux:linux_kernel:6.0:rc2:*:*:*:*:*:* |
| linux | linux_kernel | 6.0 | cpe:2.3:o:linux:linux_kernel:6.0:rc3:*:*:*:*:*:* |
| linux | linux_kernel | 6.0 | cpe:2.3:o:linux:linux_kernel:6.0:rc4:*:*:*:*:*:* |
| linux | linux_kernel | 6.0 | cpe:2.3:o:linux:linux_kernel:6.0:rc5:*:*:*:*:*:* |
| linux | linux_kernel | 6.0 | cpe:2.3:o:linux:linux_kernel:6.0:rc6:*:*:*:*:*:* |
| linux | linux_kernel | 6.0 | cpe:2.3:o:linux:linux_kernel:6.0:rc7:*:*:*:*:*:* |
| linux | linux_kernel | 6.3 | cpe:2.3:o:linux:linux_kernel:6.3:rc1:*:*:*:*:*:* |
| linux | linux_kernel | 6.3 | cpe:2.3:o:linux:linux_kernel:6.3:rc2:*:*:*:*:*:* |
| linux | linux_kernel | 6.3 | cpe:2.3:o:linux:linux_kernel:6.3:rc3:*:*:*:*:*:* |