VYPR
← All advisories
Unrated severityNVD Advisory· Published Oct 22, 2025· Updated Apr 15, 2026

CVE-2023-53727

CVE-2023-53727

Description

In the Linux kernel, the following vulnerability has been resolved:

net/sched: fq_pie: avoid stalls in fq_pie_timer()

When setting a high number of flows (limit being 65536), fq_pie_timer() is currently using too much time as syzbot reported.

Add logic to yield the cpu every 2048 flows (less than 150 usec on debug kernels). It should also help by not blocking qdisc fast paths for too long. Worst case (65536 flows) would need 31 jiffies for a complete scan.

Relevant extract from syzbot report:

rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 0-.... } 2663 jiffies s: 873 root: 0x1/. rcu: blocking rcu_node structures (internal RCU debug): Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 5177 Comm: syz-executor273 Not tainted 6.5.0-syzkaller-00453-g727dbda16b83 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 RIP: 0010:check_kcov_mode kernel/kcov.c:173 [inline] RIP: 0010:write_comp_data+0x21/0x90 kernel/kcov.c:236 Code: 2e 0f 1f 84 00 00 00 00 00 65 8b 05 01 b2 7d 7e 49 89 f1 89 c6 49 89 d2 81 e6 00 01 00 00 49 89 f8 65 48 8b 14 25 80 b9 03 00 00 01 ff 00 74 0e 85 f6 74 59 8b 82 04 16 00 00 85 c0 74 4f 8b RSP: 0018:ffffc90000007bb8 EFLAGS: 00000206 RAX: 0000000000000101 RBX: ffffc9000dc0d140 RCX: ffffffff885893b0 RDX: ffff88807c075940 RSI: 0000000000000100 RDI: 0000000000000001 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffc9000dc0d178 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 0000555555d54380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f6b442f6130 CR3: 000000006fe1c000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace:

pie_calculate_probability+0x480/0x850 net/sched/sch_pie.c:415 fq_pie_timer+0x1da/0x4f0 net/sched/sch_fq_pie.c:387 call_timer_fn+0x1a0/0x580 kernel/time/timer.c:1700

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A high-flow-count fq_pie qdisc in the Linux kernel can cause excessive RCU stall warnings due to a lack of preemption in fq_pie_timer().

Vulnerability: RCU stall in fq_pie_timer()

The fq_pie (FlowQueue Proportional Integral Controller Enhanced) qdisc in the Linux kernel's net/sched subsystem was susceptible to RCU stall warnings when configured with a large number of flows. The timer handler fq_pie_timer() iterated over all active flows without yielding the CPU, which could block the qdisc's fast path and prevent RCU grace periods from completing.

Attack

Vector and Prerequisites

An attacker with the ability to create a high number of network flows (e.g., through crafted traffic or by manipulating the qdisc configuration) could trigger this condition. The qdisc's limit parameter can be set up to 65536 flows. In a worst-case scenario, a full scan of 65536 flows could take 31 jiffies, causing significant CPU hogging and potentially leading to denial-of-service (DoS) conditions.

Impact

The lack of preemption in the timer handler caused the CPU to be monopolized, leading to RCU stall detections as reported by syzbot. The RCU stall messages included backtraces showing the call path through pie_calculate_probability() and fq_pie_timer(). This can result in system instability, reduced performance, or even a full system hang if the stall persists.

Mitigation

The fix, committed to the Linux kernel, adds a yield to the CPU every 2048 flows processed in fq_pie_timer(). This limits the time spent in the timer to less than 150 microseconds (on debug kernels) and prevents the RCU stall. The patch has been included in upstream kernel stable branches, and users are advised to apply the update. [1][2]

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Linux/Kernelinferred2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)

Patches

5
94d527c3759d
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
973a4c302d7f
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
f39b49077abe
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
e093000e7d13
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
8c21ab1bae94
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

5

News mentions

0

No linked articles in our index yet.