LiveActive security incident?Get immediate response
CVE Record

CVE-2023-53694: riscv: ftrace: Fixup panic by disabling preemption

In the Linux kernel, the following vulnerability has been resolved: riscv: ftrace: Fixup panic by disabling preemption In RISCV, we must use an AUIPC + JALR pair to encode an immediate, forming a jump that jumps to an address over 4K. This may cause errors if we want to enable kernel preemption and remove dependency from patching code with stop_machine(). For example, if a task was switched out on auipc. And, if we changed the ftrace function before it was switched back, then it would jump to an address that has updated 11:0 bits mixing with previous XLEN:12 part. p: patched area performed by dynamic ftrace ftrace_prologue: p| REG_S ra, -SZREG(sp) p| auipc ra, 0x? ------------> preempted ... change ftrace function ... p| jalr -?(ra) <------------- switched back p| REG_L ra, -SZREG(sp) func: xxx ret

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

This is a Linux kernel issue specific to RISC-V systems. A rare timing window in kernel tracing can mix old and new jump target data when preemption occurs, potentially causing a kernel panic. The source bundle does not provide CVSS, CWE, or evidence of active exploitation.

Executive priority

Treat this as a targeted reliability risk for RISC-V Linux environments. It is not currently supported by evidence of active exploitation, but kernel panic conditions can still affect availability on exposed or critical systems.

Technical view

RISC-V ftrace uses an AUIPC and JALR pair for long jumps. If a task is preempted between the pair while ftrace code is patched, execution can resume with mismatched address bits and jump incorrectly. The resolved change disables preemption around the vulnerable patching sequence.

Likely exposure

Exposure appears limited to Linux kernels on RISC-V where dynamic ftrace and kernel preemption are relevant. The supplied affected data names Linux versions including 5.12, 6.1.23, 6.2.3, and 6.3, but does not give complete fixed release mapping.

Exploitation context

The bundle says this is not in KEV and provides no cited evidence of public exploitation. The described impact is a kernel panic from a race during ftrace patching, not a documented remote compromise path.

Researcher notes

The record is sparse: no CVSS, CWE, or exploit details are supplied. Analysis should stay close to the RISC-V ftrace preemption race and referenced kernel commits. Avoid generalizing impact to all Linux architectures without vendor confirmation.

Mitigation direction

  • Identify RISC-V Linux systems and their running kernel versions.
  • Apply vendor kernel updates that include the referenced stable fixes.
  • If no vendor update is available, monitor official kernel and distribution advisories.
  • Prioritize systems using kernel preemption and dynamic ftrace features.

Validation and detection

  • Confirm whether any production assets run Linux on RISC-V hardware.
  • Check kernel package versions against vendor advisories and the referenced stable commits.
  • Review kernel configuration for preemption and ftrace relevance.
  • Track remediation status separately from non-RISC-V Linux fleets.
Prepared
Confidence
medium
Sources
5

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2023-53694 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
0ADP providers
4Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinuxafc76b8b80112189b6f11e67e19cf58301944814, afc76b8b80112189b6f11e67e19cf58301944814, afc76b8b80112189b6f11e67e19cf58301944814unaffected
LinuxLinux5.12, 0, 6.1.23, 6.2.3, 6.3affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.