From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 469D133343D for ; Wed, 24 Dec 2025 12:27:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1766579263; cv=none; b=uXDte/+oh5A2bOjqfutjITb5sVOtFU8CfJf/4r6lb0avjqU/vfjhxwtFuDml1KEX958aD+PDxlMMqJD78Q4DuU6LtkqKN2zZJnWMwnnjJzZ7N/do4p0KRFB/M1z5wZ48l5aTmvqMArU+GBjuvpR4nX6TdD8hXBJjBOL7muZh4Ek= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1766579263; c=relaxed/simple; bh=OUGgVueTfYsivRDH+pt3p5WK/r1QqgZ2lVHt+fDTCJg=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=WGxJ6txtiF5GUMFrWGOE/beCOmpSM2migwpKPVFFH8sS0LB8SJIkeixdNsfUyYsWrOgXJEXOWfI/O0eqT537MtW0OTngA/K7eH+HNAC6dwasjcpiA9CB4y/4UMY78V2qqr9/OGRKIrUpvW8elaFDs6SDHCmRi2reGMbhAH/zKqQ= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=lzwT2SwE; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="lzwT2SwE" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 74F44C4CEFB; Wed, 24 Dec 2025 12:27:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1766579262; bh=OUGgVueTfYsivRDH+pt3p5WK/r1QqgZ2lVHt+fDTCJg=; h=From:To:Cc:Subject:Date:Reply-To:From; b=lzwT2SwEhZRCECRtGgYrkcTPoeIDr4iCpzdFra8dYpC0tnJ2iDGQwQy1nYy/aeqje 2rrIKOaSye0nz+k4PPkg77MZ6q6dGkDegtLRqmWaSsY7Qg/85WszSuwbFbY5Czd9N6 NjJJYTqBEOwgvI+4wfoG4VtgjBK1a69mZbLiIuQo= From: Greg Kroah-Hartman To: linux-cve-announce@vger.kernel.org Cc: Greg Kroah-Hartman Subject: CVE-2023-54045: audit: fix possible soft lockup in __audit_inode_child() Date: Wed, 24 Dec 2025 13:26:38 +0100 Message-ID: <2025122423-CVE-2023-54045-e0ff@gregkh> X-Mailer: git-send-email 2.52.0 Reply-To: , Precedence: bulk X-Mailing-List: linux-cve-announce@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=4901; i=gregkh@linuxfoundation.org; h=from:subject:message-id; bh=2l8MmyokTA9yHhPgqwTkI9ngGDJI/C3tB+42YVsgaL0=; b=owGbwMvMwCRo6H6F97bub03G02pJDJnet993O+QcOfjh5Ey11b98Pbnbzmgcm6S24H5Vg7Zt/ eS3TLWdHbEsDIJMDLJiiixftvEc3V9xSNHL0PY0zBxWJpAhDFycAjCRnjiGOVweLV/2RLtdn5mo d7Bc0P38CpNQb4YF85q0WZJevKxri/N+KCp7xvmJokcjAA== X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp; fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29 Content-Transfer-Encoding: 8bit From: Greg Kroah-Hartman Description =========== In the Linux kernel, the following vulnerability has been resolved: audit: fix possible soft lockup in __audit_inode_child() Tracefs or debugfs maybe cause hundreds to thousands of PATH records, too many PATH records maybe cause soft lockup. For example: 1. CONFIG_KASAN=y && CONFIG_PREEMPTION=n 2. auditctl -a exit,always -S open -k key 3. sysctl -w kernel.watchdog_thresh=5 4. mkdir /sys/kernel/debug/tracing/instances/test There may be a soft lockup as follows: watchdog: BUG: soft lockup - CPU#45 stuck for 7s! [mkdir:15498] Kernel panic - not syncing: softlockup: hung tasks Call trace: dump_backtrace+0x0/0x30c show_stack+0x20/0x30 dump_stack+0x11c/0x174 panic+0x27c/0x494 watchdog_timer_fn+0x2bc/0x390 __run_hrtimer+0x148/0x4fc __hrtimer_run_queues+0x154/0x210 hrtimer_interrupt+0x2c4/0x760 arch_timer_handler_phys+0x48/0x60 handle_percpu_devid_irq+0xe0/0x340 __handle_domain_irq+0xbc/0x130 gic_handle_irq+0x78/0x460 el1_irq+0xb8/0x140 __audit_inode_child+0x240/0x7bc tracefs_create_file+0x1b8/0x2a0 trace_create_file+0x18/0x50 event_create_dir+0x204/0x30c __trace_add_new_event+0xac/0x100 event_trace_add_tracer+0xa0/0x130 trace_array_create_dir+0x60/0x140 trace_array_create+0x1e0/0x370 instance_mkdir+0x90/0xd0 tracefs_syscall_mkdir+0x68/0xa0 vfs_mkdir+0x21c/0x34c do_mkdirat+0x1b4/0x1d4 __arm64_sys_mkdirat+0x4c/0x60 el0_svc_common.constprop.0+0xa8/0x240 do_el0_svc+0x8c/0xc0 el0_svc+0x20/0x30 el0_sync_handler+0xb0/0xb4 el0_sync+0x160/0x180 Therefore, we add cond_resched() to __audit_inode_child() to fix it. The Linux kernel CVE team has assigned CVE-2023-54045 to this issue. Affected and fixed versions =========================== Issue introduced in 3.3 with commit 5195d8e217a78697152d64fc09a16e063a022465 and fixed in 4.14.326 with commit d061e2bfc20f2914656385816e0d20566213c54c Issue introduced in 3.3 with commit 5195d8e217a78697152d64fc09a16e063a022465 and fixed in 4.19.295 with commit 1640c7bd4eddec6c72f3a99cbb74e333a2ce9f5d Issue introduced in 3.3 with commit 5195d8e217a78697152d64fc09a16e063a022465 and fixed in 5.4.257 with commit f6364fa751d7486502c777f124a14d4d543fc5eb Issue introduced in 3.3 with commit 5195d8e217a78697152d64fc09a16e063a022465 and fixed in 5.10.195 with commit 98ef243d5900d75a64539a2165745bffbb155d43 Issue introduced in 3.3 with commit 5195d8e217a78697152d64fc09a16e063a022465 and fixed in 5.15.132 with commit 0152e7758cc4e9f8bfba8dbea4438d8e488d6c08 Issue introduced in 3.3 with commit 5195d8e217a78697152d64fc09a16e063a022465 and fixed in 6.1.53 with commit 9ca08adb75fb40a8f742c371927ee73f9dc753bf Issue introduced in 3.3 with commit 5195d8e217a78697152d64fc09a16e063a022465 and fixed in 6.4.16 with commit 8a40b491372966ba5426e138a53460985565d5a6 Issue introduced in 3.3 with commit 5195d8e217a78697152d64fc09a16e063a022465 and fixed in 6.5.3 with commit 8e76b944a7b9bddef190ffe2e29c9ae342ab91ed Issue introduced in 3.3 with commit 5195d8e217a78697152d64fc09a16e063a022465 and fixed in 6.6 with commit b59bc6e37237e37eadf50cd5de369e913f524463 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-54045 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: kernel/auditsc.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/d061e2bfc20f2914656385816e0d20566213c54c https://git.kernel.org/stable/c/1640c7bd4eddec6c72f3a99cbb74e333a2ce9f5d https://git.kernel.org/stable/c/f6364fa751d7486502c777f124a14d4d543fc5eb https://git.kernel.org/stable/c/98ef243d5900d75a64539a2165745bffbb155d43 https://git.kernel.org/stable/c/0152e7758cc4e9f8bfba8dbea4438d8e488d6c08 https://git.kernel.org/stable/c/9ca08adb75fb40a8f742c371927ee73f9dc753bf https://git.kernel.org/stable/c/8a40b491372966ba5426e138a53460985565d5a6 https://git.kernel.org/stable/c/8e76b944a7b9bddef190ffe2e29c9ae342ab91ed https://git.kernel.org/stable/c/b59bc6e37237e37eadf50cd5de369e913f524463