LiveActive security incident?Get immediate response
CVE Record

CVE-2023-53419: rcu: Protect rcu_print_task_exp_stall() ->exp_tasks access

In the Linux kernel, the following vulnerability has been resolved: rcu: Protect rcu_print_task_exp_stall() ->exp_tasks access For kernels built with CONFIG_PREEMPT_RCU=y, the following scenario can result in a NULL-pointer dereference: CPU1 CPU2 rcu_preempt_deferred_qs_irqrestore rcu_print_task_exp_stall if (special.b.blocked) READ_ONCE(rnp->exp_tasks) != NULL raw_spin_lock_rcu_node np = rcu_next_node_entry(t, rnp) if (&t->rcu_node_entry == rnp->exp_tasks) WRITE_ONCE(rnp->exp_tasks, np) .... raw_spin_unlock_irqrestore_rcu_node raw_spin_lock_irqsave_rcu_node t = list_entry(rnp->exp_tasks->prev, struct task_struct, rcu_node_entry) (if rnp->exp_tasks is NULL, this will dereference a NULL pointer) The problem is that CPU2 accesses the rcu_node structure's->exp_tasks field without holding the rcu_node structure's ->lock and CPU2 did not observe CPU1's change to rcu_node structure's ->exp_tasks in time. Therefore, if CPU1 sets rcu_node structure's->exp_tasks pointer to NULL, then CPU2 might dereference that NULL pointer. This commit therefore holds the rcu_node structure's ->lock while accessing that structure's->exp_tasks field. [ paulmck: Apply Frederic Weisbecker feedback. ]

MediumCVSS 5.5Not KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

This is a Linux kernel availability bug. On systems built with CONFIG_PREEMPT_RCU, a race in RCU stall reporting can cause the kernel to dereference a NULL pointer, potentially crashing the system. The CVSS impact is availability only, with local low-privilege access required.

Executive priority

Treat this as a moderate availability issue. It is not described as remotely exploitable, but it can matter for service reliability where local users, containers, or workloads share a Linux host.

Technical view

The flaw is a CWE-476 NULL pointer dereference in rcu_print_task_exp_stall(). One CPU can update rcu_node->exp_tasks to NULL while another reads it without holding the rcu_node lock. The fix holds the rcu_node lock while accessing exp_tasks.

Likely exposure

Exposure is limited to Linux kernels matching the affected records and built with CONFIG_PREEMPT_RCU=y. Business risk is highest for multi-user Linux systems, shared compute, and critical servers where a local-triggered kernel crash would disrupt availability.

Exploitation context

The source bundle does not report known active exploitation, and KEV is false. The CVSS vector indicates local access, low attack complexity, low privileges, no user interaction, and high availability impact without confidentiality or integrity impact.

Researcher notes

Evidence supports a race condition in RCU expedited stall printing. The provided details identify root cause and fix direction, but do not provide distribution-specific package versions, exploit reports, or operational mitigations beyond applying vendor kernel fixes.

Mitigation direction

  • Check kernel vendor advisories for fixed packages matching your distribution and branch.
  • Prioritize updates on systems where local users or workloads are not fully trusted.
  • Track the referenced Linux stable commits in kernel branches you build or maintain.
  • If no package is available, follow vendor guidance for backporting the locking fix.

Validation and detection

  • Inventory Linux kernel versions and confirm whether CONFIG_PREEMPT_RCU is enabled.
  • Compare deployed kernels against vendor-fixed versions or the referenced stable commits.
  • Confirm patched kernels include locking around rcu_node->exp_tasks access in this path.
  • Run normal regression testing for kernel updates before production rollout.
Prepared
Confidence
high
Sources
7

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · low confidence lookup

CWE-476: Exact CWE lookup

Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2023-53419 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Medium
CVSS
5.5 (3.1)
Known Exploited
No
Published

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
3Timeline events
1ADP providers
6Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
5.5CVSS 3.1MediumCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H1.83.6CISA-ADP

Vulnerability scoring details

Base CVSS 3.1 score

5.5Medium
CVSS 3.1 vector shape for CVE-2023-53419Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
cvssV3_1other:ssvc
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux314eeb43e5f22856b281c91c966e51e5782a3498, 314eeb43e5f22856b281c91c966e51e5782a3498, 314eeb43e5f22856b281c91c966e51e5782a3498, 314eeb43e5f22856b281c91c966e51e5782a3498, 314eeb43e5f22856b281c91c966e51e5782a3498unaffected
LinuxLinux5.8, 0, 5.10.181, 5.15.113, 6.1.30, 6.3.4, 6.4affected
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.

CWE-476 · source CWE mapping

NULL Pointer Dereference

NULL Pointer Dereference represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.