VYPR
← All advisories
Unrated severityNVD Advisory· Published Oct 22, 2025· Updated Apr 15, 2026

CVE-2023-53712

CVE-2023-53712

Description

In the Linux kernel, the following vulnerability has been resolved:

ARM: 9317/1: kexec: Make smp stop calls asynchronous

If a panic is triggered by a hrtimer interrupt all online cpus will be notified and set offline. But as highlighted by commit 19dbdcb8039c ("smp: Warn on function calls from softirq context") this call should not be made synchronous with disabled interrupts:

softdog: Initiating panic Kernel panic - not syncing: Software Watchdog Timer expired WARNING: CPU: 1 PID: 0 at kernel/smp.c:753 smp_call_function_many_cond unwind_backtrace: show_stack dump_stack_lvl __warn warn_slowpath_fmt smp_call_function_many_cond smp_call_function crash_smp_send_stop.part.0 machine_crash_shutdown __crash_kexec panic softdog_fire __hrtimer_run_queues hrtimer_interrupt

Make the smp call for machine_crash_nonpanic_core() asynchronous.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A flaw in the Linux kernel's ARM kexec code could cause a warning during panic from hrtimer interrupt; fixed by making SMP stop calls asynchronous.

The vulnerability is a bug in the Linux kernel's crash handling on ARM systems. When a panic is triggered by a hrtimer interrupt (e.g., from a watchdog timer), the code in crash_smp_send_stop() calls smp_call_function() synchronously with interrupts disabled. This triggers a warning because smp_call_function() should not be used from softirq context, as highlighted by commit 19dbdcb8039c [1].

To exploit this, an attacker would need to trigger a panic via a timer interrupt on a multi-core ARM system. This could be achieved through local access to a watchdog or similar mechanism that causes a kernel panic. The attack surface is limited to local users who can trigger such events.

The impact is a kernel warning and potential system instability, but no direct security compromise (e.g., privilege escalation or data breach). The warning may cause log noise and disrupt debugging, but the system may continue to operate.

The fix, committed to the Linux kernel stable branches [1][2], makes the SMP call asynchronous by using smp_call_function_single_async() instead of the synchronous variant, avoiding the warning condition. Users should update to a kernel version containing this patch.

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

4
46870eea5496
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
ee378f45a70d
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
5590ba4560ee
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
8922ba71c969
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

4

News mentions

0

No linked articles in our index yet.