CVE-2023-53577 | bpf, cpumap: Make sure kthread is running before map update returns

In the Linux kernel, the following vulnerability has been resolved: bpf, cpumap: Make sure kthread is running before map update returns The following warning was reported when running stress-mode enabled xdp_redirect_cpu with some RT threads: ------------[ cut here ]------------ WARNING: CPU: 4 PID: 65 at kernel/bpf/cpumap.c:135 CPU: 4 PID: 65 Comm: kworker/4:1 Not tainted 6.5.0-rc2+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) Workqueue: events cpu_map_kthread_stop RIP: 0010:put_cpu_map_entry+0xda/0x220 ...... Call Trace: <TASK> ? show_regs+0x65/0x70 ? __warn+0xa5/0x240 ...... ? put_cpu_map_entry+0xda/0x220 cpu_map_kthread_stop+0x41/0x60 process_one_work+0x6b0/0xb80 worker_thread+0x96/0x720 kthread+0x1a5/0x1f0 ret_from_fork+0x3a/0x70 ret_from_fork_asm+0x1b/0x30 </TASK> The root cause is the same as commit 436901649731 ("bpf: cpumap: Fix memory leak in cpu_map_update_elem"). The kthread is stopped prematurely by kthread_stop() in cpu_map_kthread_stop(), and kthread() doesn't call cpu_map_kthread_run() at all but XDP program has already queued some frames or skbs into ptr_ring. So when __cpu_map_ring_cleanup() checks the ptr_ring, it will find it was not emptied and report a warning. An alternative fix is to use __cpu_map_ring_cleanup() to drop these pending frames or skbs when kthread_stop() returns -EINTR, but it may confuse the user, because these frames or skbs have been handled correctly by XDP program. So instead of dropping these frames or skbs, just make sure the per-cpu kthread is running before __cpu_map_entry_alloc() returns. After apply the fix, the error handle for kthread_stop() will be unnecessary because it will always return 0, so just remove it.

Published: 2025-10-04 Last update: 2026-03-23 Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD Status:AnalyzedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2023-53577 is rated Low Risk (32.3/100): CVSS High severity, with low exploitation likelihood (EPSS 0.02%). Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2023-53577

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-10-05 0.02%

Full EPSS history (1 record total)

Common vulnerability scoring system (CVSS) metrics for CVE-2023-53577

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
7.8 3.1 HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Click to expand
Attack vector (AV:L)
They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:L)
A normal user session is enough; they don’t have to be admin.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
 1.8 5.9 [email protected]

Weakness enumeration for CVE-2023-53577

OS Trackers for CVE-2023-53577

vendor priority summary link
debian not yet assigned CVE-2023-53577 not yet assigned priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 4, open 1. https://security-tracker.debian.org/tracker/CVE-2023-53577
redhat low https://access.redhat.com/security/cve/CVE-2023-53577
suse medium CVE-2023-53577 severity moderate: SUSE including 450 source package names (2.1.3-6.88:kernel-default-base-6.4.0-36.1.21.13, 2.1.3-7.105:kernel-rt-6.4.0-38.1, …), 823 product×package rows across 164 product lines (Container suse/sl-micro/6.0/base-os-container, Container suse/sl-micro/6.0/kvm-os-container, … (164 product lines)): Fixed 491, Known Affected 231, Known Not Affected 84, Will Not Fix 17. https://www.suse.com/security/cve/CVE-2023-53577/
ubuntu medium CVE-2023-53577 medium priority: Ubuntu including 158 source packages (linux, linux-allwinner-5.19, …), 1414 status rows across 9 suites (bionic, focal, jammy, noble, plucky, questing, trusty, upstream, xenial): DNE 1017, ignored 159, released 116, not-affected 84, needed 37, needs-triage 1. https://ubuntu.com/security/CVE-2023-53577

Affected software / configurations for CVE-2023-53577

Vendor Product Version Raw CPE
linux linux_kernel >= 4.15, < 5.15.126 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel >= 5.16, < 6.1.45 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel >= 6.2, < 6.4.10 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel 6.5 cpe:2.3:o:linux:linux_kernel:6.5:rc1:*:*:*:*:*:*
linux linux_kernel 6.5 cpe:2.3:o:linux:linux_kernel:6.5:rc2:*:*:*:*:*:*
linux linux_kernel 6.5 cpe:2.3:o:linux:linux_kernel:6.5:rc3:*:*:*:*:*:*
linux linux_kernel 6.5 cpe:2.3:o:linux:linux_kernel:6.5:rc4:*:*:*:*:*:*

References for CVE-2023-53577

cvelogic Threat Intelligence