Home

Description

In the Linux kernel, the following vulnerability has been resolved: posix-timers: Prevent RT livelock in itimer_delete() itimer_delete() has a retry loop when the timer is concurrently expired. On non-RT kernels this just spin-waits until the timer callback has completed, except for posix CPU timers which have HAVE_POSIX_CPU_TIMERS_TASK_WORK enabled. In that case and on RT kernels the existing task could live lock when preempting the task which does the timer delivery. Replace spin_unlock() with an invocation of timer_wait_running() to handle it the same way as the other retry loops in the posix timer code.

PUBLISHED Reserved 2025-12-08 | Published 2025-12-09 | Updated 2025-12-09 | Assigner Linux

Product status

Default status
unaffected

ec8f954a40da8cd3d159713b608e901f0cd909a9 (git) before f1be1ed32daa053484222f7f9beb2b16c624dffd
affected

ec8f954a40da8cd3d159713b608e901f0cd909a9 (git) before 0670c4c567b27bd8f999a943028f4fe60d1a1106
affected

ec8f954a40da8cd3d159713b608e901f0cd909a9 (git) before e7aff15ba29ba4b3052786b1636fa5c4aa39e179
affected

ec8f954a40da8cd3d159713b608e901f0cd909a9 (git) before f9bd298e3e4d3fd6e19f017789a42d0f332cd555
affected

ec8f954a40da8cd3d159713b608e901f0cd909a9 (git) before c1968bb8a28625cc95d2ad3ca872ab98c9c36d59
affected

ec8f954a40da8cd3d159713b608e901f0cd909a9 (git) before 9d9e522010eb5685d8b53e8a24320653d9d4cbbf
affected

Default status
affected

5.4
affected

Any version before 5.4
unaffected

5.10.188 (semver)
unaffected

5.15.121 (semver)
unaffected

6.1.39 (semver)
unaffected

6.3.13 (semver)
unaffected

6.4.4 (semver)
unaffected

6.5 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/f1be1ed32daa053484222f7f9beb2b16c624dffd

git.kernel.org/...c/0670c4c567b27bd8f999a943028f4fe60d1a1106

git.kernel.org/...c/e7aff15ba29ba4b3052786b1636fa5c4aa39e179

git.kernel.org/...c/f9bd298e3e4d3fd6e19f017789a42d0f332cd555

git.kernel.org/...c/c1968bb8a28625cc95d2ad3ca872ab98c9c36d59

git.kernel.org/...c/9d9e522010eb5685d8b53e8a24320653d9d4cbbf

cve.org (CVE-2023-53815)

nvd.nist.gov (CVE-2023-53815)

Download JSON