CVE-2023-53522

In the Linux kernel, the following vulnerability has been resolved: cgroup,freezer: hold cpu_hotplug_lock before freezer_mutex syzbot is reporting circular locking dependency between cpu_hotplug_lock and freezer_mutex, for commit f5d39b020809 ("freezer,sched: Rewrite core freezer logic") replaced atomic_inc() in freezer_apply_state() with static_branch_inc() which holds cpu_hotplug_lock. cpu_hotplug_lock => cgroup_threadgroup_rwsem => freezer_mutex cgroup_file_write() { cgroup_procs_write() { __cgroup_procs_write() { cgroup_procs_write_start() { cgroup_attach_lock() { cpus_read_lock() { percpu_down_read(&cpu_hotplug_lock); } percpu_down_write(&cgroup_threadgroup_rwsem); } } cgroup_attach_task() { cgroup_migrate() { cgroup_migrate_execute() { freezer_attach() { mutex_lock(&freezer_mutex); (...snipped...) } } } } (...snipped...) } } } freezer_mutex => cpu_hotplug_lock cgroup_file_write() { freezer_write() { freezer_change_state() { mutex_lock(&freezer_mutex); freezer_apply_state() { static_branch_inc(&freezer_active) { static_key_slow_inc() { cpus_read_lock(); static_key_slow_inc_cpuslocked(); cpus_read_unlock(); } } } mutex_unlock(&freezer_mutex); } } } Swap locking order by moving cpus_read_lock() in freezer_apply_state() to before mutex_lock(&freezer_mutex) in freezer_change_state().

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/34fbb7b45bae20b551dda24337c7761ca13ce69d	Patch
https://git.kernel.org/stable/c/3756171b97c307d9df8b8ded1d883eec30172085	Patch
https://git.kernel.org/stable/c/57dcd64c7e036299ef526b400a8d12b8a2352f26	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.3:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.3:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.3:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.3:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.3:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.3:rc6::::::

History

26 Jan 2026, 20:04

Type	Values Removed	Values Added
First Time		Linux Linux linux Kernel
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
References	~~() https://git.kernel.org/stable/c/34fbb7b45bae20b551dda24337c7761ca13ce69d -~~	() https://git.kernel.org/stable/c/34fbb7b45bae20b551dda24337c7761ca13ce69d - Patch
References	~~() https://git.kernel.org/stable/c/3756171b97c307d9df8b8ded1d883eec30172085 -~~	() https://git.kernel.org/stable/c/3756171b97c307d9df8b8ded1d883eec30172085 - Patch
References	~~() https://git.kernel.org/stable/c/57dcd64c7e036299ef526b400a8d12b8a2352f26 -~~	() https://git.kernel.org/stable/c/57dcd64c7e036299ef526b400a8d12b8a2352f26 - Patch
CPE		cpe:2.3:o:linux:linux_kernel:6.3:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.3:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.3:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.3:rc2:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.3:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.3:rc6::::::

01 Oct 2025, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-10-01 12:15

Updated : 2026-01-26 20:04

NVD link : CVE-2023-53522

Mitre link : CVE-2023-53522

CVE.ORG link : CVE-2023-53522

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

7.8 /10