VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 9, 2025· Updated Apr 15, 2026

CVE-2023-53859

CVE-2023-53859

Description

In the Linux kernel, the following vulnerability has been resolved:

s390/idle: mark arch_cpu_idle() noinstr

linux-next commit ("cpuidle: tracing: Warn about !rcu_is_watching()") adds a new warning which hits on s390's arch_cpu_idle() function:

RCU not on for: arch_cpu_idle+0x0/0x28 WARNING: CPU: 2 PID: 0 at include/linux/trace_recursion.h:162 arch_ftrace_ops_list_func+0x24c/0x258 Modules linked in: CPU: 2 PID: 0 Comm: swapper/2 Not tainted 6.2.0-rc6-next-20230202 #4 Hardware name: IBM 8561 T01 703 (z/VM 7.3.0) Krnl PSW : 0404d00180000000 00000000002b55c0 (arch_ftrace_ops_list_func+0x250/0x258) R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:1 PM:0 RI:0 EA:3 Krnl GPRS: c0000000ffffbfff 0000000080000002 0000000000000026 0000000000000000 0000037ffffe3a28 0000037ffffe3a20 0000000000000000 0000000000000000 0000000000000000 0000000000f4acf6 00000000001044f0 0000037ffffe3cb0 0000000000000000 0000000000000000 00000000002b55bc 0000037ffffe3bb8 Krnl Code: 00000000002b55b0: c02000840051 larl %r2,0000000001335652 00000000002b55b6: c0e5fff512d1 brasl %r14,0000000000157b58 #00000000002b55bc: af000000 mc 0,0 >00000000002b55c0: a7f4ffe7 brc 15,00000000002b558e 00000000002b55c4: 0707 bcr 0,%r7 00000000002b55c6: 0707 bcr 0,%r7 00000000002b55c8: eb6ff0480024 stmg %r6,%r15,72(%r15) 00000000002b55ce: b90400ef lgr %r14,%r15 Call Trace: [<00000000002b55c0>] arch_ftrace_ops_list_func+0x250/0x258 ([<00000000002b55bc>] arch_ftrace_ops_list_func+0x24c/0x258) [<0000000000f5f0fc>] ftrace_common+0x1c/0x20 [<00000000001044f6>] arch_cpu_idle+0x6/0x28 [<0000000000f4acf6>] default_idle_call+0x76/0x128 [<00000000001cc374>] do_idle+0xf4/0x1b0 [<00000000001cc6ce>] cpu_startup_entry+0x36/0x40 [<0000000000119d00>] smp_start_secondary+0x140/0x150 [<0000000000f5d2ae>] restart_int_handler+0x6e/0x90

Mark arch_cpu_idle() noinstr like all other architectures with CONFIG_ARCH_WANTS_NO_INSTR (should) have it to fix this.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A missing noinstr annotation on s390's arch_cpu_idle() causes a RCU warning during idle, risking system instability.

Vulnerability

Description

CVE-2023-53859 addresses a bug in the Linux kernel's s390 architecture where the arch_cpu_idle() function was not properly annotated with noinstr. This missing annotation caused the function to be traced or instrumented in a way that triggered a warning: "RCU not on for: arch_cpu_idle+0x0/0x28". The root cause is that when arch_cpu_idle() is called, RCU (Read-Copy-Update) may not be watching, which is required for safe tracing. The warning was introduced by a new check in a linux-next commit for cpuidle tracing.

Exploitation and

Attack Surface

To trigger this warning, an attacker or even normal system operation would need to invoke the idle loop on an s390 system. The warning is triggered in the default_idle_call path when the CPU enters idle state. This is reachable from local userspace or even under normal kernel operation without any special privileges. The attack surface is local, as it requires running code on the machine. The prerequisite is a kernel built with certain tracing options enabled, which is common in many configurations.

Impact

The impact is a kernel warning and potential system instability. The warning can be triggered repeatedly, potentially leading to denial of service if the system is configured to panic on warnings. In a worst-case scenario, an attacker with local access could force the system into a state where panics occur, causing downtime. However, the vulnerability is primarily a stability issue rather than a security breach.

Mitigation

The fix is to mark arch_cpu_idle() with the noinstr attribute, which prevents instrumentation and tracing in contexts where RCU is not watching. The patch was applied to the stable kernel tree [1][2]. Users should update their kernels to a version containing this commit to prevent the warning.

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

4
49aa49952116
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
611c39021710
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
fc60c4f12d8a
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
a9cbc1b471d2
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

4

News mentions

0

No linked articles in our index yet.