VYPR
High severity7.8NVD Advisory· Published Oct 1, 2025· Updated Apr 6, 2026

CVE-2023-53522

CVE-2023-53522

Description

In the Linux kernel, the following vulnerability has been resolved:

cgroup,freezer: hold cpu_hotplug_lock before freezer_mutex

syzbot is reporting circular locking dependency between cpu_hotplug_lock and freezer_mutex, for commit f5d39b020809 ("freezer,sched: Rewrite core freezer logic") replaced atomic_inc() in freezer_apply_state() with static_branch_inc() which holds cpu_hotplug_lock.

cpu_hotplug_lock => cgroup_threadgroup_rwsem => freezer_mutex

cgroup_file_write() { cgroup_procs_write() { __cgroup_procs_write() { cgroup_procs_write_start() { cgroup_attach_lock() { cpus_read_lock() { percpu_down_read(&cpu_hotplug_lock); } percpu_down_write(&cgroup_threadgroup_rwsem); } } cgroup_attach_task() { cgroup_migrate() { cgroup_migrate_execute() { freezer_attach() { mutex_lock(&freezer_mutex); (...snipped...) } } } } (...snipped...) } } }

freezer_mutex => cpu_hotplug_lock

cgroup_file_write() { freezer_write() { freezer_change_state() { mutex_lock(&freezer_mutex); freezer_apply_state() { static_branch_inc(&freezer_active) { static_key_slow_inc() { cpus_read_lock(); static_key_slow_inc_cpuslocked(); cpus_read_unlock(); } } } mutex_unlock(&freezer_mutex); } } }

Swap locking order by moving cpus_read_lock() in freezer_apply_state() to before mutex_lock(&freezer_mutex) in freezer_change_state().

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

8
  • Linux/Kernel8 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=6.1,<6.1.25
    • cpe:2.3:o:linux:linux_kernel:6.3:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.3:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.3:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.3:rc4:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.3:rc5:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.3:rc6:*:*:*:*:*:*
    • (no CPE)

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.