CVE-2023-53694: riscv: ftrace: Fixup panic by disabling preemption
In the Linux kernel, the following vulnerability has been resolved:
riscv: ftrace: Fixup panic by disabling preemption
In RISCV, we must use an AUIPC + JALR pair to encode an immediate,
forming a jump that jumps to an address over 4K. This may cause errors
if we want to enable kernel preemption and remove dependency from
patching code with stop_machine(). For example, if a task was switched
out on auipc. And, if we changed the ftrace function before it was
switched back, then it would jump to an address that has updated 11:0
bits mixing with previous XLEN:12 part.
p: patched area performed by dynamic ftrace
ftrace_prologue:
p| REG_S ra, -SZREG(sp)
p| auipc ra, 0x? ------------> preempted
...
change ftrace function
...
p| jalr -?(ra) <------------- switched back
p| REG_L ra, -SZREG(sp)
func:
xxx
ret
Security readout for executives and security teams
Plain-English summary
This is a Linux kernel issue specific to RISC-V systems. A rare timing window in kernel tracing can mix old and new jump target data when preemption occurs, potentially causing a kernel panic. The source bundle does not provide CVSS, CWE, or evidence of active exploitation.
Executive priority
Treat this as a targeted reliability risk for RISC-V Linux environments. It is not currently supported by evidence of active exploitation, but kernel panic conditions can still affect availability on exposed or critical systems.
Technical view
RISC-V ftrace uses an AUIPC and JALR pair for long jumps. If a task is preempted between the pair while ftrace code is patched, execution can resume with mismatched address bits and jump incorrectly. The resolved change disables preemption around the vulnerable patching sequence.
Likely exposure
Exposure appears limited to Linux kernels on RISC-V where dynamic ftrace and kernel preemption are relevant. The supplied affected data names Linux versions including 5.12, 6.1.23, 6.2.3, and 6.3, but does not give complete fixed release mapping.
Exploitation context
The bundle says this is not in KEV and provides no cited evidence of public exploitation. The described impact is a kernel panic from a race during ftrace patching, not a documented remote compromise path.
Researcher notes
The record is sparse: no CVSS, CWE, or exploit details are supplied. Analysis should stay close to the RISC-V ftrace preemption race and referenced kernel commits. Avoid generalizing impact to all Linux architectures without vendor confirmation.
Mitigation direction
Identify RISC-V Linux systems and their running kernel versions.
Apply vendor kernel updates that include the referenced stable fixes.
If no vendor update is available, monitor official kernel and distribution advisories.
Prioritize systems using kernel preemption and dynamic ftrace features.
Validation and detection
Confirm whether any production assets run Linux on RISC-V hardware.
Check kernel package versions against vendor advisories and the referenced stable commits.
Review kernel configuration for preemption and ftrace relevance.
Track remediation status separately from non-RISC-V Linux fleets.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2023-53694 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
0CVSS vectors
3Timeline events
0ADP providers
4Source links
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
CVE reservedCVE Program
The CVE ID was reserved by the assigning CNA.
CVE publishedCVE Program
The CVE record was published.
Oct 22, 2025, 13:23 UTC (UTC+00:00)
CVE updatedCVE Program
The CVE record metadata indicates this as the latest update time.