VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 24, 2025· Updated Apr 15, 2026

CVE-2023-53986

CVE-2023-53986

Description

In the Linux kernel, the following vulnerability has been resolved:

mips: bmips: BCM6358: disable RAC flush for TP1

RAC flush causes kernel panics on BCM6358 with EHCI/OHCI when booting from TP1: [ 3.881739] usb 1-1: new high-speed USB device number 2 using ehci-platform [ 3.895011] Reserved instruction in kernel code[#1]: [ 3.900113] CPU: 0 PID: 1 Comm: init Not tainted 5.10.16 #0 [ 3.905829] $ 0 : 00000000 10008700 00000000 77d94060 [ 3.911238] $ 4 : 7fd1f088 00000000 81431cac 81431ca0 [ 3.916641] $ 8 : 00000000 ffffefff 8075cd34 00000000 [ 3.922043] $12 : 806f8d40 f3e812b7 00000000 000d9aaa [ 3.927446] $16 : 7fd1f068 7fd1f080 7ff559b8 81428470 [ 3.932848] $20 : 00000000 00000000 55590000 77d70000 [ 3.938251] $24 : 00000018 00000010 [ 3.943655] $28 : 81430000 81431e60 81431f28 800157fc [ 3.949058] Hi : 00000000 [ 3.952013] Lo : 00000000 [ 3.955019] epc : 80015808 setup_sigcontext+0x54/0x24c [ 3.960464] ra : 800157fc setup_sigcontext+0x48/0x24c [ 3.965913] Status: 10008703 KERNEL EXL IE [ 3.970216] Cause : 00800028 (ExcCode 0a) [ 3.974340] PrId : 0002a010 (Broadcom BMIPS4350) [ 3.979170] Modules linked in: ohci_platform ohci_hcd fsl_mph_dr_of ehci_platform ehci_fsl ehci_hcd gpio_button_hotplug usbcore nls_base usb_common [ 3.992907] Process init (pid: 1, threadinfo=(ptrval), task=(ptrval), tls=77e22ec8) [ 4.000776] Stack : 81431ef4 7fd1f080 81431f28 81428470 7fd1f068 81431edc 7ff559b8 81428470 [ 4.009467] 81431f28 7fd1f080 55590000 77d70000 77d5498c 80015c70 806f0000 8063ae74 [ 4.018149] 08100002 81431f28 0000000a 08100002 81431f28 0000000a 77d6b418 00000003 [ 4.026831] ffffffff 80016414 80080734 81431ecc 81431ecc 00000001 00000000 04000000 [ 4.035512] 77d54874 00000000 00000000 00000000 00000000 00000012 00000002 00000000 [ 4.044196] ... [ 4.046706] Call Trace: [ 4.049238] [<80015808>] setup_sigcontext+0x54/0x24c [ 4.054356] [<80015c70>] setup_frame+0xdc/0x124 [ 4.059015] [<80016414>] do_notify_resume+0x1dc/0x288 [ 4.064207] [<80011b50>] work_notifysig+0x10/0x18 [ 4.069036] [ 4.070538] Code: 8fc300b4 00001025 26240008 ac830004 3c048063 0c0228aa 24846a00 26240010 [ 4.080686] [ 4.082517] ---[ end trace 22a8edb41f5f983b ]--- [ 4.087374] Kernel panic - not syncing: Fatal exception [ 4.092753] Rebooting in 1 seconds..

Because the bootloader (CFE) is not initializing the Read-ahead cache properly on the second thread (TP1). Since the RAC was not initialized properly, we should avoid flushing it at the risk of corrupting the instruction stream as seen in the trace above.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A Reserved Instruction kernel panic occurs on BCM on BCM6358 MIPS systems when booting from TP1 with EHCI/OHCI USB controllers, caused by RAC flush. Fixed by disabling RAC flush for TP1.

## CVE-2023-2023-53986: Linux kernel vulnerability affecting MIPS BCM6358 with RAC flush The vulnerability is triggered when the Linux kernel performs a hardware RAC flush on the Broadcom BCM635 chipset. As documented in the CVE description, the BCM6358's RAC flush instruction is invalid for CPU core TP1 (one of two MIPS cores), causing a Reserved Instruction exception during USB subsystem initialization. The kernel panics with a fatal exception (#1) while setting up signal context for the init process when EHCI/OHCI USB controllers are active. [1] [2] [3]

The attack surface is limited to systems booting from TP1 core on BCM6358. An attacker needs physical or local access to trigger USB activity that would provoke the crashed signal handling. No authentication is required, but the prerequisite is a system with BCM6358 SoC booted from the affected core and using USB drivers. The crash occurs during kernel signal frame setup (setup_sigcontext, setup_frame). [1] [2] [3]

The impact is a kernel denial-of-service (panic) that halts system operation. The attacker can cause a persistent system crash by connecting or probing USB devices. There is no evidence of privilege escalation or data corruption beyond the crash itself. The official patch disables RAC flush for TP1 for TP1. [1] [2] [3]

The vulnerability has been fixed in mainline Linux versions 5.10, 5.15, and later through commits [1-3]. Users must apply kernel updates to stable releases that include this fix.

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!
  3. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

6
d65de5ee8b72
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
47a449ec09b4
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
65b723644294
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
2cdbcff99f15
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
288c96aa5b55
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
ab327f8acdf8
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

6

News mentions

0

No linked articles in our index yet.