CVE-2023-53550
Description
In the Linux kernel, the following vulnerability has been resolved:
cpufreq: amd-pstate: fix global sysfs attribute type
In commit 3666062b87ec ("cpufreq: amd-pstate: move to use bus_get_dev_root()") the "amd_pstate" attributes where moved from a dedicated kobject to the cpu root kobject.
While the dedicated kobject expects to contain kobj_attributes the root kobject needs device_attributes.
As the changed arguments are not used by the callbacks it works most of the time. However CFI will detect this issue:
[ 4947.849350] CFI failure at dev_attr_show+0x24/0x60 (target: show_status+0x0/0x70; expected type: 0x8651b1de) ... [ 4947.849409] Call Trace: [ 4947.849410] [ 4947.849411] ? __warn+0xcf/0x1c0 [ 4947.849414] ? dev_attr_show+0x24/0x60 [ 4947.849415] ? report_cfi_failure+0x4e/0x60 [ 4947.849417] ? handle_cfi_failure+0x14c/0x1d0 [ 4947.849419] ? __cfi_show_status+0x10/0x10 [ 4947.849420] ? handle_bug+0x4f/0x90 [ 4947.849421] ? exc_invalid_op+0x1a/0x60 [ 4947.849422] ? asm_exc_invalid_op+0x1a/0x20 [ 4947.849424] ? __cfi_show_status+0x10/0x10 [ 4947.849425] ? dev_attr_show+0x24/0x60 [ 4947.849426] sysfs_kf_seq_show+0xa6/0x110 [ 4947.849433] seq_read_iter+0x16c/0x4b0 [ 4947.849436] vfs_read+0x272/0x2d0 [ 4947.849438] ksys_read+0x72/0xe0 [ 4947.849439] do_syscall_64+0x76/0xb0 [ 4947.849440] ? do_user_addr_fault+0x252/0x650 [ 4947.849442] ? exc_page_fault+0x7a/0x1b0 [ 4947.849443] entry_SYSCALL_64_after_hwframe+0x72/0xdc
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel's amd-pstate cpufreq driver, a sysfs attribute type mismatch after moving to bus_get_dev_root() triggers Control Flow Integrity failures, potentially causing system crashes.
Vulnerability
Description
In the Linux kernel's amd-pstate cpufreq driver, a bug was introduced by commit 3666062b87ec (") which moved global sysfs attributes from a dedicated kobject to the cpu root kobject. The attributes were originally of type kobj_attribute, but the root kobject expects device_attribute. This type mismatch is not caught during compilation because the callback functions do not use the changed argument types; however, it is detected at runtime by Control Flow Integrity (CFI) checks.
Exploitation
The CFI failure occurs when a user reads the status sysfs attribute of the amd-pstate driver. An attacker with local access to the system can trigger the bug by simply reading the affected sysfs file. No special privileges beyond read access to sysfs are required, making it a low-complexity local attack.
Impact
When the CFI check fails, the kernel panics, leading to a denial of service (system crash). The vulnerability does not allow privilege escalation or code execution, but it can be used to disrupt system availability.
Mitigation
The issue has been resolved in stable kernel updates. Patches are available in commits [1] and [2]. Users should apply the latest kernel updates from their distribution to mitigate the vulnerability.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
7cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=6.4,<6.4.11
- cpe:2.3:o:linux:linux_kernel:6.5:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.5:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.5:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.5:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.5:rc5:*:*:*:*:*:*
Patches
2ddcfc33a20385e720f8c8c9dVulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
2News mentions
0No linked articles in our index yet.