CVE-2023-52623 Detail
Undergoing Reanalysis
This CVE is currently being enriched by team members. This process results in the association of reference link tags, CVSS, CWE, and CPE applicability statement data.
Description
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: Fix a suspicious RCU usage warning
I received the following warning while running cthon against an ontap
server running pNFS:
[ 57.202521] =============================
[ 57.202522] WARNING: suspicious RCU usage
[ 57.202523] 6.7.0-rc3-g2cc14f52aeb7 #41492 Not tainted
[ 57.202525] -----------------------------
[ 57.202525] net/sunrpc/xprtmultipath.c:349 RCU-list traversed in non-reader section!!
[ 57.202527]
other info that might help us debug this:
[ 57.202528]
rcu_scheduler_active = 2, debug_locks = 1
[ 57.202529] no locks held by test5/3567.
[ 57.202530]
stack backtrace:
[ 57.202532] CPU: 0 PID: 3567 Comm: test5 Not tainted 6.7.0-rc3-g2cc14f52aeb7 #41492 5b09971b4965c0aceba19f3eea324a4a806e227e
[ 57.202534] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown 2/2/2022
[ 57.202536] Call Trace:
[ 57.202537] <TASK>
[ 57.202540] dump_stack_lvl+0x77/0xb0
[ 57.202551] lockdep_rcu_suspicious+0x154/0x1a0
[ 57.202556] rpc_xprt_switch_has_addr+0x17c/0x190 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]
[ 57.202596] rpc_clnt_setup_test_and_add_xprt+0x50/0x180 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]
[ 57.202621] ? rpc_clnt_add_xprt+0x254/0x300 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]
[ 57.202646] rpc_clnt_add_xprt+0x27a/0x300 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]
[ 57.202671] ? __pfx_rpc_clnt_setup_test_and_add_xprt+0x10/0x10 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]
[ 57.202696] nfs4_pnfs_ds_connect+0x345/0x760 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9]
[ 57.202728] ? __pfx_nfs4_test_session_trunk+0x10/0x10 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9]
[ 57.202754] nfs4_fl_prepare_ds+0x75/0xc0 [nfs_layout_nfsv41_files e3a4187f18ae8a27b630f9feae6831b584a9360a]
[ 57.202760] filelayout_write_pagelist+0x4a/0x200 [nfs_layout_nfsv41_files e3a4187f18ae8a27b630f9feae6831b584a9360a]
[ 57.202765] pnfs_generic_pg_writepages+0xbe/0x230 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9]
[ 57.202788] __nfs_pageio_add_request+0x3fd/0x520 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]
[ 57.202813] nfs_pageio_add_request+0x18b/0x390 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]
[ 57.202831] nfs_do_writepage+0x116/0x1e0 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]
[ 57.202849] nfs_writepages_callback+0x13/0x30 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]
[ 57.202866] write_cache_pages+0x265/0x450
[ 57.202870] ? __pfx_nfs_writepages_callback+0x10/0x10 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]
[ 57.202891] nfs_writepages+0x141/0x230 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]
[ 57.202913] do_writepages+0xd2/0x230
[ 57.202917] ? filemap_fdatawrite_wbc+0x5c/0x80
[ 57.202921] filemap_fdatawrite_wbc+0x67/0x80
[ 57.202924] filemap_write_and_wait_range+0xd9/0x170
[ 57.202930] nfs_wb_all+0x49/0x180 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]
[ 57.202947] nfs4_file_flush+0x72/0xb0 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9]
[ 57.202969] __se_sys_close+0x46/0xd0
[ 57.202972] do_syscall_64+0x68/0x100
[ 57.202975] ? do_syscall_64+0x77/0x100
[ 57.202976] ? do_syscall_64+0x77/0x100
[ 57.202979] entry_SYSCALL_64_after_hwframe+0x6e/0x76
[ 57.202982] RIP: 0033:0x7fe2b12e4a94
[ 57.202985] Code: 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 80 3d d5 18 0e 00 00 74 13 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 44 c3 0f 1f 00 48 83 ec 18 89 7c 24 0c e8 c3
[ 57.202987] RSP: 002b:00007ffe857ddb38 EFLAGS: 00000202 ORIG_RAX: 0000000000000003
[ 57.202989] RAX: ffffffffffffffda RBX: 00007ffe857dfd68 RCX: 00007fe2b12e4a94
[ 57.202991] RDX: 0000000000002000 RSI: 00007ffe857ddc40 RDI: 0000000000000003
[ 57.202992] RBP: 00007ffe857dfc50 R08: 7fffffffffffffff R09: 0000000065650f49
[ 57.202993] R10: 00007f
---truncated---
Metrics
NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings: NVD assessment not yet provided.
CVSS 3.x Severity and Vector Strings: Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS 2.0 Severity and Vector Strings: NVD assessment not yet provided.
Weakness Enumeration
CWE-ID | CWE Name | Source
NVD-CWE-noinfo | Insufficient Information | NIST
CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | CISA-ADP
Change History
10 change records found
Initial Analysis by NIST 9/16/2025 12:08:08 PM
Action | Type | Old Value | New Value
Added | CVSS V3.1 | | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Added | CWE | | NVD-CWE-noinfo
Added | CPE Configuration | | OR
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.149
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.210
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.7.4
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.16
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.77
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.269
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.9 up to (excluding) 4.19.307
Added | Reference Type | | CVE: https://git.kernel.org/stable/c/31b62908693c90d4d07db597e685d9f25a120073 Types: Patch
Added | Reference Type | | CVE: https://git.kernel.org/stable/c/69c7eeb4f622c2a28da965f970f982db171f3dc6 Types: Patch
Added | Reference Type | | CVE: https://git.kernel.org/stable/c/7a96d85bf196c170dcf1b47a82e9bb97cca69aa6 Types: Patch
Added | Reference Type | | CVE: https://git.kernel.org/stable/c/8f860c8407470baff2beb9982ad6b172c94f1d0a Types: Patch
Added | Reference Type | | CVE: https://git.kernel.org/stable/c/c430e6bb43955c6bf573665fcebf31694925b9f7 Types: Patch
Added | Reference Type | | CVE: https://git.kernel.org/stable/c/e8ca3e73301e23e8c0ac0ce2e6bac4545cd776e0 Types: Patch
Added | Reference Type | | CVE: https://git.kernel.org/stable/c/f8cf4dabbdcb8bef85335b0ed7ad5b25fd82ff56 Types: Patch
Added | Reference Type | | CVE: https://git.kernel.org/stable/c/fece80a2a6718ed58487ce397285bb1b83a3e54e Types: Patch
Added | Reference Type | | CVE: https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html Types: Third Party Advisory
Added | Reference Type | | CVE: https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html Types: Third Party Advisory
Added | Reference Type | | kernel.org: https://git.kernel.org/stable/c/31b62908693c90d4d07db597e685d9f25a120073 Types: Patch
Added | Reference Type | | kernel.org: https://git.kernel.org/stable/c/69c7eeb4f622c2a28da965f970f982db171f3dc6 Types: Patch
Added | Reference Type | | kernel.org: https://git.kernel.org/stable/c/7a96d85bf196c170dcf1b47a82e9bb97cca69aa6 Types: Patch
Added | Reference Type | | kernel.org: https://git.kernel.org/stable/c/8f860c8407470baff2beb9982ad6b172c94f1d0a Types: Patch
Added | Reference Type | | kernel.org: https://git.kernel.org/stable/c/c430e6bb43955c6bf573665fcebf31694925b9f7 Types: Patch
Added | Reference Type | | kernel.org: https://git.kernel.org/stable/c/e8ca3e73301e23e8c0ac0ce2e6bac4545cd776e0 Types: Patch
Added | Reference Type | | kernel.org: https://git.kernel.org/stable/c/f8cf4dabbdcb8bef85335b0ed7ad5b25fd82ff56 Types: Patch
Added | Reference Type | | kernel.org: https://git.kernel.org/stable/c/fece80a2a6718ed58487ce397285bb1b83a3e54e Types: Patch
CVE Modified by CISA-ADP 5/20/2025 11:15:56 AM
Action | Type | Old Value | New Value
Added | CWE | | CWE-22
CVE Modified by CVE 11/21/2024 3:40:13 AM
Action | Type | Old Value | New Value
Added | Reference | | https://git.kernel.org/stable/c/31b62908693c90d4d07db597e685d9f25a120073
Added | Reference | | https://git.kernel.org/stable/c/69c7eeb4f622c2a28da965f970f982db171f3dc6
Added | Reference | | https://git.kernel.org/stable/c/7a96d85bf196c170dcf1b47a82e9bb97cca69aa6
Added | Reference | | https://git.kernel.org/stable/c/8f860c8407470baff2beb9982ad6b172c94f1d0a
Added | Reference | | https://git.kernel.org/stable/c/c430e6bb43955c6bf573665fcebf31694925b9f7
Added | Reference | | https://git.kernel.org/stable/c/e8ca3e73301e23e8c0ac0ce2e6bac4545cd776e0
Added | Reference | | https://git.kernel.org/stable/c/f8cf4dabbdcb8bef85335b0ed7ad5b25fd82ff56
Added | Reference | | https://git.kernel.org/stable/c/fece80a2a6718ed58487ce397285bb1b83a3e54e
Added | Reference | | https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Added | Reference | | https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
CVE Modified by CISA-ADP 11/04/2024 12:35:08 PM
Action | Type | Old Value | New Value
Added | CVSS V3.1 | | CISA-ADP AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE Modified by kernel.org 11/04/2024 8:16:42 AM
Action | Type | Old Value | New Value
Removed | Reference | kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html |
Removed | Reference | kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html |
CVE Modified by kernel.org 6/27/2024 9:15:53 AM
Action | Type | Old Value | New Value
Added | Reference | | kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html [No types assigned]
CVE Modified by kernel.org 6/25/2024 5:15:54 PM
Action | Type | Old Value | New Value
Added | Reference | | kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html [No types assigned]
CVE Modified by kernel.org 5/29/2024 2:15:44 AM
Action | Type | Old Value | New Value
CVE Modified by kernel.org 5/14/2024 10:23:04 AM
Action | Type | Old Value | New Value
New CVE Received from kernel.org 3/26/2024 2:15:08 PM
Action | Type | Old Value | New Value
Added | Description | | Record truncated, showing 2048 of 3998 characters.
Added | Reference | | kernel.org https://git.kernel.org/stable/c/31b62908693c90d4d07db597e685d9f25a120073 [No types assigned]
Added | Reference | | kernel.org https://git.kernel.org/stable/c/69c7eeb4f622c2a28da965f970f982db171f3dc6 [No types assigned]
Added | Reference | | kernel.org https://git.kernel.org/stable/c/7a96d85bf196c170dcf1b47a82e9bb97cca69aa6 [No types assigned]
Added | Reference | | kernel.org https://git.kernel.org/stable/c/8f860c8407470baff2beb9982ad6b172c94f1d0a [No types assigned]
Added | Reference | | kernel.org https://git.kernel.org/stable/c/c430e6bb43955c6bf573665fcebf31694925b9f7 [No types assigned]
Added | Reference | | kernel.org https://git.kernel.org/stable/c/e8ca3e73301e23e8c0ac0ce2e6bac4545cd776e0 [No types assigned]
Added | Reference | | kernel.org https://git.kernel.org/stable/c/f8cf4dabbdcb8bef85335b0ed7ad5b25fd82ff56 [No types assigned]
Added | Reference | | kernel.org https://git.kernel.org/stable/c/fece80a2a6718ed58487ce397285bb1b83a3e54e [No types assigned]
Quick Info
CVE Dictionary Entry: CVE-2023-52623
NVD Published Date: 03/26/2024
NVD Last Modified: 09/16/2025
Source: kernel.org