VYPR
Unrated severity · NVD Advisory · Published Dec 8, 2025 · Updated Apr 15, 2026

CVE-2023-53742

Description

In the Linux kernel, the following vulnerability has been resolved:

kcsan: Avoid READ_ONCE() in read_instrumented_memory()

Haibo Li reported:

| Unable to handle kernel paging request at virtual address ffffff802a0d8d7171
| Mem abort info:o:
|   ESR = 0x9600002121
|   EC = 0x25: DABT (current EL), IL = 32 bitsts
|   SET = 0, FnV = 0 0
|   EA = 0, S1PTW = 0 0
|   FSC = 0x21: alignment fault
| Data abort info:o:
|   ISV = 0, ISS = 0x0000002121
|   CM = 0, WnR = 0 0
| swapper pgtable: 4k pages, 39-bit VAs, pgdp=000000002835200000
| [ffffff802a0d8d71] pgd=180000005fbf9003, p4d=180000005fbf9003,
|   pud=180000005fbf9003, pmd=180000005fbe8003, pte=006800002a0d8707
| Internal error: Oops: 96000021 [#1] PREEMPT SMP
| Modules linked in:
| CPU: 2 PID: 45 Comm: kworker/u8:2 Not tainted
|   5.15.78-android13-8-g63561175bbda-dirty #1
| ...
| pc : kcsan_setup_watchpoint+0x26c/0x6bc
| lr : kcsan_setup_watchpoint+0x88/0x6bc
| sp : ffffffc00ab4b7f0
| x29: ffffffc00ab4b800 x28: ffffff80294fe588 x27: 0000000000000001
| x26: 0000000000000019 x25: 0000000000000001 x24: ffffff80294fdb80
| x23: 0000000000000000 x22: ffffffc00a70fb68 x21: ffffff802a0d8d71
| x20: 0000000000000002 x19: 0000000000000000 x18: ffffffc00a9bd060
| x17: 0000000000000001 x16: 0000000000000000 x15: ffffffc00a59f000
| x14: 0000000000000001 x13: 0000000000000000 x12: ffffffc00a70faa0
| x11: 00000000aaaaaaab x10: 0000000000000054 x9 : ffffffc00839adf8
| x8 : ffffffc009b4cf00 x7 : 0000000000000000 x6 : 0000000000000007
| x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffffffc00a70fb70
| x2 : 0005ff802a0d8d71 x1 : 0000000000000000 x0 : 0000000000000000
| Call trace:
|  kcsan_setup_watchpoint+0x26c/0x6bc
|  __tsan_read2+0x1f0/0x234
|  inflate_fast+0x498/0x750
|  zlib_inflate+0x1304/0x2384
|  __gunzip+0x3a0/0x45c
|  gunzip+0x20/0x30
|  unpack_to_rootfs+0x2a8/0x3fc
|  do_populate_rootfs+0xe8/0x11c
|  async_run_entry_fn+0x58/0x1bc
|  process_one_work+0x3ec/0x738
|  worker_thread+0x4c4/0x838
|  kthread+0x20c/0x258
|  ret_from_fork+0x10/0x20
| Code: b8bfc2a8 2a0803f7 14000007 d503249f (78bfc2a8) )
| ---[ end trace 613a943cb0a572b6 ]-----

The reason for this is that on certain arm64 configurations since e35123d83ee3 ("arm64: lto: Strengthen READ_ONCE() to acquire when CONFIG_LTO=y"), READ_ONCE() may be promoted to a full atomic acquire instruction which cannot be used on unaligned addresses.

Fix it by avoiding READ_ONCE() in read_instrumented_memory(), and simply forcing the compiler to do the required access by casting to the appropriate volatile type. In terms of generated code this currently only affects architectures that do not use the default READ_ONCE() implementation.

The only downside is that we are not guaranteed atomicity of the access itself, although on most architectures a plain load up to machine word size should still be atomic (a fact the default READ_ONCE() still relies on itself).
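As an added illustration (this is not code from the kernel commit, nor from this page), the following user-space C program models the approach the commit describes: the instrumented read is done through a plain cast to the volatile type of the access width instead of READ_ONCE(), and the watchpoint logic only compares two reads of the location to see whether the value changed. The shape of read_instrumented_memory() follows the commit's description of the fix; the watchpoint_value_changed() harness, is_naturally_aligned(), the sample buffer and poke_byte() are constructed for this example and are not part of KCSAN.

```c
/*
 * Added example modelling the fix described in the commit message.
 * On arm64 with CONFIG_LTO=y, READ_ONCE() can be lowered to an acquire load
 * (LDAR/LDARH), which faults on an unaligned address; a plain volatile load
 * of the same width does not. A race detector does not need the read to be
 * an acquire, or even atomic: it only needs to be able to observe that the
 * value changed between two reads.
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

typedef uint8_t  u8;
typedef uint16_t u16;
typedef uint32_t u32;
typedef uint64_t u64;

/* Width-selected volatile load, as the commit describes instead of READ_ONCE().
 * Unsupported widths return 0; callers only diff values, so this is harmless. */
static inline u64 read_instrumented_memory(const volatile void *ptr, size_t size)
{
	switch (size) {
	case 1:  return *(const volatile u8  *)ptr;
	case 2:  return *(const volatile u16 *)ptr;
	case 4:  return *(const volatile u32 *)ptr;
	case 8:  return *(const volatile u64 *)ptr;
	default: return 0; /* ignored: the caller only compares values */
	}
}

/* True when ptr is aligned to the access size (size must be a power of two). */
static int is_naturally_aligned(const volatile void *ptr, size_t size)
{
	return ((uintptr_t)ptr & (size - 1)) == 0;
}

/* Reference reader that never issues a wide load; used to check the model. */
static u64 memcpy_read(const void *ptr, size_t size)
{
	u64 v = 0;
	if (size > sizeof(v))
		return 0;
	memcpy(&v, ptr, size);
	return v;
}

/* Model of a watchpoint's value-change check: read, let "other work" happen
 * (a caller-supplied mutation stands in for a concurrent writer), read again,
 * and report whether the value differed. */
static int watchpoint_value_changed(const volatile void *ptr, size_t size,
				    void (*meanwhile)(void *), void *arg)
{
	u64 before = read_instrumented_memory(ptr, size);
	if (meanwhile)
		meanwhile(arg);
	u64 after = read_instrumented_memory(ptr, size);
	return before != after;
}

/* Constructed sample memory, 8-byte aligned so that sample + 1 is guaranteed
 * unaligned for 2-, 4- and 8-byte accesses (like the u16 read in the report). */
static _Alignas(8) unsigned char sample[16] = {
	0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
	0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
};

/* Stand-in for a concurrent writer: flip every bit of one byte. */
static void poke_byte(void *arg)
{
	*(unsigned char *)arg ^= 0xff;
}

/* Watch `size` bytes starting at the unaligned address sample + 1 while the
 * "writer" touches sample[victim_offset]; returns 1 if a change was seen. */
static int demo_watchpoint(size_t size, size_t victim_offset)
{
	return watchpoint_value_changed(sample + 1, size, poke_byte,
					sample + victim_offset);
}

int main(void)
{
	printf("sample+1 aligned for u16? %d\n", is_naturally_aligned(sample + 1, 2));
	printf("u16 at sample+1: 0x%04llx (memcpy: 0x%04llx)\n",
	       (unsigned long long)read_instrumented_memory(sample + 1, 2),
	       (unsigned long long)memcpy_read(sample + 1, 2));
	printf("writer hits watched byte  -> changed=%d\n", demo_watchpoint(2, 2));
	printf("writer misses watched range -> changed=%d\n", demo_watchpoint(2, 5));
	return 0;
}
```

The plain unaligned loads in this model are legal on arm64 and x86 user space; what the commit removes is only the acquire-promoted variant of READ_ONCE() that the LTO configuration produces, which is the one that cannot tolerate the unaligned address from inflate_fast().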

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A bug in the Linux kernel's KCSAN tool causes an alignment fault when instrumenting memory accesses, leading to a kernel crash.

Vulnerability

Overview

CVE-2023-53742 is a bug in the Linux kernel's Kernel Concurrency Sanitizer (KCSAN). The issue occurs in the read_instrumented_memory() function, which uses READ_ONCE() to instrument memory reads. Under certain conditions, this can trigger an alignment fault, causing a kernel panic. The problem was reported by Haibo Li, who observed a crash during boot with a data abort error (ESR=0x96000021) indicating an alignment fault [1][2].

Exploitation

Conditions

The vulnerability is triggered when KCSAN is enabled and the kernel attempts to instrument a memory access that is not naturally aligned. The crash trace shows the fault occurring in kcsan_setup_watchpoint() during a __tsan_read2 call, which is part of the TSan (ThreadSanitizer) instrumentation. The attack surface is local; an attacker would need the ability to trigger a memory access that KCSAN instruments, such as during decompression routines (inflate_fast, zlib_inflate) or other kernel operations. No special privileges are required beyond normal system operation, as the crash can occur during legitimate kernel activity like booting [1].

Impact

Successful exploitation results in a denial of service (kernel panic) due to an unhandled alignment fault. The system becomes unresponsive and must be rebooted. There is no indication of privilege escalation or data corruption beyond the crash itself. The vulnerability affects systems running Linux kernel versions prior to the fix, particularly those with KCSAN enabled [1][2].

Mitigation

The fix is included in stable kernel updates. The commits referenced [1] and [2] modify read_instrumented_memory() to avoid using READ_ONCE(), preventing the alignment fault. Users should update to a patched kernel version. No workaround is available other than disabling KCSAN, which may not be feasible for debugging or testing environments [1][2].

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products (2)

  • Linux/Kernel (inferred, 2 versions)
    • (no CPE)
    • (no CPE) range: >=5.15.78-android13-8-g63561175bbda-dirty prior to fix

Patches (4)

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References (4)

News mentions (0)