{
  "threat_severity" : "Low",
  "public_date" : "2025-12-08T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: Linux kernel: Denial of Service due to deadlock in Universal Flash Storage driver",
    "id" : "2419898",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2419898"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-833",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nscsi: ufs: core: mcq: Fix &hwq->cq_lock deadlock issue\nWhen ufshcd_err_handler() is executed, CQ event interrupt can enter waiting\nfor the same lock. This can happen in ufshcd_handle_mcq_cq_events() and\nalso in ufs_mtk_mcq_intr(). The following warning message will be generated\nwhen &hwq->cq_lock is used in IRQ context with IRQ enabled. Use\nufshcd_mcq_poll_cqe_lock() with spin_lock_irqsave instead of spin_lock to\nresolve the deadlock issue.\n[name:lockdep&]WARNING: inconsistent lock state\n[name:lockdep&]--------------------------------\n[name:lockdep&]inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage.\n[name:lockdep&]kworker/u16:4/260 [HC0[0]:SC0[0]:HE1:SE1] takes:\nffffff8028444600 (&hwq->cq_lock){?.-.}-{2:2}, at:\nufshcd_mcq_poll_cqe_lock+0x30/0xe0\n[name:lockdep&]{IN-HARDIRQ-W} state was registered at:\nlock_acquire+0x17c/0x33c\n_raw_spin_lock+0x5c/0x7c\nufshcd_mcq_poll_cqe_lock+0x30/0xe0\nufs_mtk_mcq_intr+0x60/0x1bc [ufs_mediatek_mod]\n__handle_irq_event_percpu+0x140/0x3ec\nhandle_irq_event+0x50/0xd8\nhandle_fasteoi_irq+0x148/0x2b0\ngeneric_handle_domain_irq+0x4c/0x6c\ngic_handle_irq+0x58/0x134\ncall_on_irq_stack+0x40/0x74\ndo_interrupt_handler+0x84/0xe4\nel1_interrupt+0x3c/0x78\n<snip>\nPossible unsafe locking scenario:\nCPU0\n----\nlock(&hwq->cq_lock);\n<Interrupt>\nlock(&hwq->cq_lock);\n*** DEADLOCK ***\n2 locks held by kworker/u16:4/260:\n[name:lockdep&]\nstack backtrace:\nCPU: 7 PID: 260 Comm: kworker/u16:4 Tainted: G S      W  OE\n6.1.17-mainline-android14-2-g277223301adb #1\nWorkqueue: ufs_eh_wq_0 ufshcd_err_handler\nCall trace:\ndump_backtrace+0x10c/0x160\nshow_stack+0x20/0x30\ndump_stack_lvl+0x98/0xd8\ndump_stack+0x20/0x60\nprint_usage_bug+0x584/0x76c\nmark_lock_irq+0x488/0x510\nmark_lock+0x1ec/0x25c\n__lock_acquire+0x4d8/0xffc\nlock_acquire+0x17c/0x33c\n_raw_spin_lock+0x5c/0x7c\nufshcd_mcq_poll_cqe_lock+0x30/0xe0\nufshcd_poll+0x68/0x1b0\nufshcd_transfer_req_compl+0x9c/0xc8\nufshcd_err_handler+0x3bc/0xea0\nprocess_one_work+0x2f4/0x7e8\nworker_thread+0x234/0x450\nkthread+0x110/0x134\nret_from_fork+0x10/0x20", "A flaw was found in the Linux kernel. A local attacker with low privileges could exploit a deadlock vulnerability in the Universal Flash Storage (UFS) host controller driver (ufshcd). This occurs when the error handler and a Command Queue (CQ) event interrupt attempt to acquire the same lock simultaneously. Successful exploitation leads to a system deadlock, causing a Denial of Service (DoS)." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53760\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53760\nhttps://lore.kernel.org/linux-cve-announce/2025120844-CVE-2023-53760-8e04@gregkh/T" ],
  "name" : "CVE-2023-53760",
  "csaw" : false
}