CVE-2023-54160 - Vulnerability Details

Vendors	Products
Linux	Linux Kernel

Link	Providers
https://git.kernel.org/stable/c/18d5ea5b746120a3972e6c347ad9428228445327
https://git.kernel.org/stable/c/48ac727ea4a3577eb1b4e24f807ba532c47930f9
https://git.kernel.org/stable/c/59842a9ba27d5390ae5bf3233a92cad3a26d495c
https://git.kernel.org/stable/c/66caf22787714c925e755719c293aaf3cb0b873b
https://git.kernel.org/stable/c/7d8f5ccc826b39e05ff252b1fccd808c7a0725e0
https://git.kernel.org/stable/c/a8267bc8de736cae927165191b52fbc20d101dd1
https://git.kernel.org/stable/c/d2c48b2387eb89e0bf2a2e06e30987cf410acad4

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: firmware: arm_sdei: Fix sleep from invalid context BUG Running a preempt-rt (v6.2-rc3-rt1) based kernel on an Ampere Altra triggers: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46 in_atomic(): 0, irqs_disabled(): 128, non_block: 0, pid: 24, name: cpuhp/0 preempt_count: 0, expected: 0 RCU nest depth: 0, expected: 0 3 locks held by cpuhp/0/24: #0: ffffda30217c70d0 (cpu_hotplug_lock){++++}-{0:0}, at: cpuhp_thread_fun+0x5c/0x248 #1: ffffda30217c7120 (cpuhp_state-up){+.+.}-{0:0}, at: cpuhp_thread_fun+0x5c/0x248 #2: ffffda3021c711f0 (sdei_list_lock){....}-{3:3}, at: sdei_cpuhp_up+0x3c/0x130 irq event stamp: 36 hardirqs last enabled at (35): [<ffffda301e85b7bc>] finish_task_switch+0xb4/0x2b0 hardirqs last disabled at (36): [<ffffda301e812fec>] cpuhp_thread_fun+0x21c/0x248 softirqs last enabled at (0): [<ffffda301e80b184>] copy_process+0x63c/0x1ac0 softirqs last disabled at (0): [<0000000000000000>] 0x0 CPU: 0 PID: 24 Comm: cpuhp/0 Not tainted 5.19.0-rc3-rt5-[...] Hardware name: WIWYNN Mt.Jade Server [...] Call trace: dump_backtrace+0x114/0x120 show_stack+0x20/0x70 dump_stack_lvl+0x9c/0xd8 dump_stack+0x18/0x34 __might_resched+0x188/0x228 rt_spin_lock+0x70/0x120 sdei_cpuhp_up+0x3c/0x130 cpuhp_invoke_callback+0x250/0xf08 cpuhp_thread_fun+0x120/0x248 smpboot_thread_fn+0x280/0x320 kthread+0x130/0x140 ret_from_fork+0x10/0x20 sdei_cpuhp_up() is called in the STARTING hotplug section, which runs with interrupts disabled. Use a CPUHP_AP_ONLINE_DYN entry instead to execute the cpuhp cb later, with preemption enabled. SDEI originally got its own cpuhp slot to allow interacting with perf. It got superseded by pNMI and this early slot is not relevant anymore. [1] Some SDEI calls (e.g. SDEI_1_0_FN_SDEI_PE_MASK) take actions on the calling CPU. It is checked that preemption is disabled for them. _ONLINE cpuhp cb are executed in the 'per CPU hotplug thread'. Preemption is enabled in those threads, but their cpumask is limited to 1 CPU. Move 'WARN_ON_ONCE(preemptible())' statements so that SDEI cpuhp cb don't trigger them. Also add a check for the SDEI_1_0_FN_SDEI_PRIVATE_RESET SDEI call which acts on the calling CPU. [1]: https://lore.kernel.org/all/5813b8c5-ae3e-87fd-fccc-94c9cd08816d@arm.com/
Title		firmware: arm_sdei: Fix sleep from invalid context BUG
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/18d5ea5b746120a3972e6c347ad9428228445327 https://git.kernel.org/stable/c/48ac727ea4a3577eb1b4e24f807ba532c47930f9 https://git.kernel.org/stable/c/59842a9ba27d5390ae5bf3233a92cad3a26d495c https://git.kernel.org/stable/c/66caf22787714c925e755719c293aaf3cb0b873b https://git.kernel.org/stable/c/7d8f5ccc826b39e05ff252b1fccd808c7a0725e0 https://git.kernel.org/stable/c/a8267bc8de736cae927165191b52fbc20d101dd1 https://git.kernel.org/stable/c/d2c48b2387eb89e0bf2a2e06e30987cf410acad4

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-54160", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-24T13:02:52.531Z", "datePublished": "2025-12-24T13:07:08.883Z", "dateUpdated": "2025-12-24T13:07:08.883Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-24T13:07:08.883Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_sdei: Fix sleep from invalid context BUG\n\nRunning a preempt-rt (v6.2-rc3-rt1) based kernel on an Ampere Altra\ntriggers:\n\n BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46\n in_atomic(): 0, irqs_disabled(): 128, non_block: 0, pid: 24, name: cpuhp/0\n preempt_count: 0, expected: 0\n RCU nest depth: 0, expected: 0\n 3 locks held by cpuhp/0/24:\n #0: ffffda30217c70d0 (cpu_hotplug_lock){++++}-{0:0}, at: cpuhp_thread_fun+0x5c/0x248\n #1: ffffda30217c7120 (cpuhp_state-up){+.+.}-{0:0}, at: cpuhp_thread_fun+0x5c/0x248\n #2: ffffda3021c711f0 (sdei_list_lock){....}-{3:3}, at: sdei_cpuhp_up+0x3c/0x130\n irq event stamp: 36\n hardirqs last enabled at (35): [<ffffda301e85b7bc>] finish_task_switch+0xb4/0x2b0\n hardirqs last disabled at (36): [<ffffda301e812fec>] cpuhp_thread_fun+0x21c/0x248\n softirqs last enabled at (0): [<ffffda301e80b184>] copy_process+0x63c/0x1ac0\n softirqs last disabled at (0): [<0000000000000000>] 0x0\n CPU: 0 PID: 24 Comm: cpuhp/0 Not tainted 5.19.0-rc3-rt5-[...]\n Hardware name: WIWYNN Mt.Jade Server [...]\n Call trace:\n dump_backtrace+0x114/0x120\n show_stack+0x20/0x70\n dump_stack_lvl+0x9c/0xd8\n dump_stack+0x18/0x34\n __might_resched+0x188/0x228\n rt_spin_lock+0x70/0x120\n sdei_cpuhp_up+0x3c/0x130\n cpuhp_invoke_callback+0x250/0xf08\n cpuhp_thread_fun+0x120/0x248\n smpboot_thread_fn+0x280/0x320\n kthread+0x130/0x140\n ret_from_fork+0x10/0x20\n\nsdei_cpuhp_up() is called in the STARTING hotplug section,\nwhich runs with interrupts disabled. Use a CPUHP_AP_ONLINE_DYN entry\ninstead to execute the cpuhp cb later, with preemption enabled.\n\nSDEI originally got its own cpuhp slot to allow interacting\nwith perf. It got superseded by pNMI and this early slot is not\nrelevant anymore. [1]\n\nSome SDEI calls (e.g. SDEI_1_0_FN_SDEI_PE_MASK) take actions on the\ncalling CPU. It is checked that preemption is disabled for them.\n_ONLINE cpuhp cb are executed in the 'per CPU hotplug thread'.\nPreemption is enabled in those threads, but their cpumask is limited\nto 1 CPU.\nMove 'WARN_ON_ONCE(preemptible())' statements so that SDEI cpuhp cb\ndon't trigger them.\n\nAlso add a check for the SDEI_1_0_FN_SDEI_PRIVATE_RESET SDEI call\nwhich acts on the calling CPU.\n\n[1]:\nhttps://lore.kernel.org/all/5813b8c5-ae3e-87fd-fccc-94c9cd08816d@arm.com/"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/firmware/arm_sdei.c", "include/linux/cpuhotplug.h"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "59842a9ba27d5390ae5bf3233a92cad3a26d495c", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "48ac727ea4a3577eb1b4e24f807ba532c47930f9", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "7d8f5ccc826b39e05ff252b1fccd808c7a0725e0", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "66caf22787714c925e755719c293aaf3cb0b873b", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "a8267bc8de736cae927165191b52fbc20d101dd1", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "18d5ea5b746120a3972e6c347ad9428228445327", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "d2c48b2387eb89e0bf2a2e06e30987cf410acad4", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/firmware/arm_sdei.c", "include/linux/cpuhotplug.h"], "versions": [{"version": "4.19.284", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.244", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.181", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.113", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.30", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.3.4", "lessThanOrEqual": "6.3.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.4", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.19.284"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.4.244"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.10.181"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.15.113"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.30"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.3.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.4"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/59842a9ba27d5390ae5bf3233a92cad3a26d495c"}, {"url": "https://git.kernel.org/stable/c/48ac727ea4a3577eb1b4e24f807ba532c47930f9"}, {"url": "https://git.kernel.org/stable/c/7d8f5ccc826b39e05ff252b1fccd808c7a0725e0"}, {"url": "https://git.kernel.org/stable/c/66caf22787714c925e755719c293aaf3cb0b873b"}, {"url": "https://git.kernel.org/stable/c/a8267bc8de736cae927165191b52fbc20d101dd1"}, {"url": "https://git.kernel.org/stable/c/18d5ea5b746120a3972e6c347ad9428228445327"}, {"url": "https://git.kernel.org/stable/c/d2c48b2387eb89e0bf2a2e06e30987cf410acad4"}], "title": "firmware: arm_sdei: Fix sleep from invalid context BUG", "x_generator": {"engine": "bippy-1.2.0"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_sdei: Fix sleep from invalid context BUG\n\nRunning a preempt-rt (v6.2-rc3-rt1) based kernel on an Ampere Altra\ntriggers:\n\n BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46\n in_atomic(): 0, irqs_disabled(): 128, non_block: 0, pid: 24, name: cpuhp/0\n preempt_count: 0, expected: 0\n RCU nest depth: 0, expected: 0\n 3 locks held by cpuhp/0/24:\n #0: ffffda30217c70d0 (cpu_hotplug_lock){++++}-{0:0}, at: cpuhp_thread_fun+0x5c/0x248\n #1: ffffda30217c7120 (cpuhp_state-up){+.+.}-{0:0}, at: cpuhp_thread_fun+0x5c/0x248\n #2: ffffda3021c711f0 (sdei_list_lock){....}-{3:3}, at: sdei_cpuhp_up+0x3c/0x130\n irq event stamp: 36\n hardirqs last enabled at (35): [<ffffda301e85b7bc>] finish_task_switch+0xb4/0x2b0\n hardirqs last disabled at (36): [<ffffda301e812fec>] cpuhp_thread_fun+0x21c/0x248\n softirqs last enabled at (0): [<ffffda301e80b184>] copy_process+0x63c/0x1ac0\n softirqs last disabled at (0): [<0000000000000000>] 0x0\n CPU: 0 PID: 24 Comm: cpuhp/0 Not tainted 5.19.0-rc3-rt5-[...]\n Hardware name: WIWYNN Mt.Jade Server [...]\n Call trace:\n dump_backtrace+0x114/0x120\n show_stack+0x20/0x70\n dump_stack_lvl+0x9c/0xd8\n dump_stack+0x18/0x34\n __might_resched+0x188/0x228\n rt_spin_lock+0x70/0x120\n sdei_cpuhp_up+0x3c/0x130\n cpuhp_invoke_callback+0x250/0xf08\n cpuhp_thread_fun+0x120/0x248\n smpboot_thread_fn+0x280/0x320\n kthread+0x130/0x140\n ret_from_fork+0x10/0x20\n\nsdei_cpuhp_up() is called in the STARTING hotplug section,\nwhich runs with interrupts disabled. Use a CPUHP_AP_ONLINE_DYN entry\ninstead to execute the cpuhp cb later, with preemption enabled.\n\nSDEI originally got its own cpuhp slot to allow interacting\nwith perf. It got superseded by pNMI and this early slot is not\nrelevant anymore. [1]\n\nSome SDEI calls (e.g. SDEI_1_0_FN_SDEI_PE_MASK) take actions on the\ncalling CPU. It is checked that preemption is disabled for them.\n_ONLINE cpuhp cb are executed in the 'per CPU hotplug thread'.\nPreemption is enabled in those threads, but their cpumask is limited\nto 1 CPU.\nMove 'WARN_ON_ONCE(preemptible())' statements so that SDEI cpuhp cb\ndon't trigger them.\n\nAlso add a check for the SDEI_1_0_FN_SDEI_PRIVATE_RESET SDEI call\nwhich acts on the calling CPU.\n\n[1]:\nhttps://lore.kernel.org/all/5813b8c5-ae3e-87fd-fccc-94c9cd08816d@arm.com/"}], "id": "CVE-2023-54160", "lastModified": "2025-12-24T13:16:18.060", "metrics": {}, "published": "2025-12-24T13:16:18.060", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/18d5ea5b746120a3972e6c347ad9428228445327"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/48ac727ea4a3577eb1b4e24f807ba532c47930f9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/59842a9ba27d5390ae5bf3233a92cad3a26d495c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/66caf22787714c925e755719c293aaf3cb0b873b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7d8f5ccc826b39e05ff252b1fccd808c7a0725e0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a8267bc8de736cae927165191b52fbc20d101dd1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d2c48b2387eb89e0bf2a2e06e30987cf410acad4"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object