CVE-2023-54160 | firmware: arm_sdei: Fix sleep from invalid context BUG

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_sdei: Fix sleep from invalid context BUG Running a preempt-rt (v6.2-rc3-rt1) based kernel on an Ampere Altra triggers: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46 in_atomic(): 0, irqs_disabled(): 128, non_block: 0, pid: 24, name: cpuhp/0 preempt_count: 0, expected: 0 RCU nest depth: 0, expected: 0 3 locks held by cpuhp/0/24: #0: ffffda30217c70d0 (cpu_hotplug_lock){++++}-{0:0}, at: cpuhp_thread_fun+0x5c/0x248 #1: ffffda30217c7120 (cpuhp_state-up){+.+.}-{0:0}, at: cpuhp_thread_fun+0x5c/0x248 #2: ffffda3021c711f0 (sdei_list_lock){....}-{3:3}, at: sdei_cpuhp_up+0x3c/0x130 irq event stamp: 36 hardirqs last enabled at (35): [<ffffda301e85b7bc>] finish_task_switch+0xb4/0x2b0 hardirqs last disabled at (36): [<ffffda301e812fec>] cpuhp_thread_fun+0x21c/0x248 softirqs last enabled at (0): [<ffffda301e80b184>] copy_process+0x63c/0x1ac0 softirqs last disabled at (0): [<0000000000000000>] 0x0 CPU: 0 PID: 24 Comm: cpuhp/0 Not tainted 5.19.0-rc3-rt5-[...] Hardware name: WIWYNN Mt.Jade Server [...] Call trace: dump_backtrace+0x114/0x120 show_stack+0x20/0x70 dump_stack_lvl+0x9c/0xd8 dump_stack+0x18/0x34 __might_resched+0x188/0x228 rt_spin_lock+0x70/0x120 sdei_cpuhp_up+0x3c/0x130 cpuhp_invoke_callback+0x250/0xf08 cpuhp_thread_fun+0x120/0x248 smpboot_thread_fn+0x280/0x320 kthread+0x130/0x140 ret_from_fork+0x10/0x20 sdei_cpuhp_up() is called in the STARTING hotplug section, which runs with interrupts disabled. Use a CPUHP_AP_ONLINE_DYN entry instead to execute the cpuhp cb later, with preemption enabled. SDEI originally got its own cpuhp slot to allow interacting with perf. It got superseded by pNMI and this early slot is not relevant anymore. [1] Some SDEI calls (e.g. SDEI_1_0_FN_SDEI_PE_MASK) take actions on the calling CPU. It is checked that preemption is disabled for them. _ONLINE cpuhp cb are executed in the 'per CPU hotplug thread'. Preemption is enabled in those threads, but their cpumask is limited to 1 CPU. Move 'WARN_ON_ONCE(preemptible())' statements so that SDEI cpuhp cb don't trigger them. Also add a check for the SDEI_1_0_FN_SDEI_PRIVATE_RESET SDEI call which acts on the calling CPU. [1]: https://lore.kernel.org/all/[email protected]/

公開: 2025-12-24 最終更新: 2026-06-17 Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 ソース: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

総合評価: CVE-2023-54160 は低リスク(7/100)。悪用される可能性が高い(EPSS 0.17%、7 パーセンタイル) 推奨対応: 総合リスクは低く緊急対応は不要です。通常の保守サイクルでパッチを適用し、CVSS / EPSS が上昇したら優先度を見直してください。

リスクは変動します。再評価に基づき、本ページの表示内容を更新しています。

CVE-2023-54160 の EPSS(Exploit Prediction Scoring System)スコア

EPSS は日次で悪用されやすさの相対度合いを推定します。パーセンタイルは採点済み CVE の中での相対位置(高いほど相対的に深刻)を示します。

# 日付 旧 EPSS スコア 新 EPSS スコア Δ(新 − 旧)
1 2026-06-15 0.02% 0.17% +0.15%
2 2025-12-25 0.02%

EPSS の全履歴 (全 2 件)

CVE-2023-54160 の CVSS(Common Vulnerability Scoring System)指標

この CVE の CVSS 指標。

この CVE のデータセットに CVSS はありません。

CVE-2023-54160 の弱点分類(列挙)

CVE-2023-54160 の OS トラッカー

vendor priority summary link
debian not yet assigned CVE-2023-54160 not yet assigned priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2023-54160
redhat low https://access.redhat.com/security/cve/CVE-2023-54160
suse medium CVE-2023-54160 severity moderate: SUSE including 25 source package names (cluster-md-kmp-default, dlm-kmp-default, …), 170 product×package rows across 34 product lines (SUSE Linux Enterprise High Availability Extension 15 SP6, SUSE Linux Enterprise High Availability Extension 15 SP7, … (34 product lines)): Known Not Affected 153, Will Not Fix 17. https://www.suse.com/security/cve/CVE-2023-54160/
ubuntu medium CVE-2023-54160 medium priority: Ubuntu including 157 source packages (linux, linux-allwinner-5.19, …), 1405 status rows across 9 suites (bionic, focal, jammy, noble, plucky, questing, trusty, upstream, xenial): DNE 1010, ignored 177, released 133, not-affected 64, needed 20, needs-triage 1. https://ubuntu.com/security/CVE-2023-54160

CVE-2023-54160 の影響を受けるソフトウェア/構成

ベンダー 製品 バージョン 生の CPE
linux linux_kernel >= 4.16, < 4.19.284 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel >= 4.16, < 5.4.244 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel >= 4.16, < 5.10.181 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel >= 4.16, < 5.15.113 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel >= 4.16, < 6.1.30 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel >= 4.16, < 6.3.4 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel >= 4.16, < 6.4 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

CVE-2023-54160 の参考情報

cvelogic Threat Intelligence