CVE-2023-54000
Description
In the Linux kernel, the following vulnerability has been resolved:
net: hns3: fix deadlock issue when externel_lb and reset are executed together
When externel_lb and reset are executed together, a deadlock may occur: [ 3147.217009] INFO: task kworker/u321:0:7 blocked for more than 120 seconds. [ 3147.230483] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3147.238999] task:kworker/u321:0 state:D stack: 0 pid: 7 ppid: 2 flags:0x00000008 [ 3147.248045] Workqueue: hclge hclge_service_task [hclge] [ 3147.253957] Call trace: [ 3147.257093] __switch_to+0x7c/0xbc [ 3147.261183] __schedule+0x338/0x6f0 [ 3147.265357] schedule+0x50/0xe0 [ 3147.269185] schedule_preempt_disabled+0x18/0x24 [ 3147.274488] __mutex_lock.constprop.0+0x1d4/0x5dc [ 3147.279880] __mutex_lock_slowpath+0x1c/0x30 [ 3147.284839] mutex_lock+0x50/0x60 [ 3147.288841] rtnl_lock+0x20/0x2c [ 3147.292759] hclge_reset_prepare+0x68/0x90 [hclge] [ 3147.298239] hclge_reset_subtask+0x88/0xe0 [hclge] [ 3147.303718] hclge_reset_service_task+0x84/0x120 [hclge] [ 3147.309718] hclge_service_task+0x2c/0x70 [hclge] [ 3147.315109] process_one_work+0x1d0/0x490 [ 3147.319805] worker_thread+0x158/0x3d0 [ 3147.324240] kthread+0x108/0x13c [ 3147.328154] ret_from_fork+0x10/0x18
In externel_lb process, the hns3 driver call napi_disable() first, then the reset happen, then the restore process of the externel_lb will fail, and will not call napi_enable(). When doing externel_lb again, napi_disable() will be double call, cause a deadlock of rtnl_lock().
This patch use the HNS3_NIC_STATE_DOWN state to protect the calling of napi_disable() and napi_enable() in externel_lb process, just as the usage in ndo_stop() and ndo_start().
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Deadlock in Linux kernel hns3 driver when external loopback and reset compete, fixed by guarding napi_disable/enable with NIC state.
Root
Cause CVE-2023-54000 describes a deadlock in the Linux kernel's hns3 network driver when external loopback (externel_lb) and a hardware reset are executed concurrently. During external loopback, the driver calls napi_disable(). If a reset occurs before the corresponding napi_enable(), the restore process fails and leaves NAPI disabled. A subsequent external loopback attempt then calls napi_disable() again, leading to a deadlock on the RTNL lock (rtnl_lock()). [1]
Exploitation
An attacker with local access (or the ability to trigger both operations) can exploit this by initiating an external loopback test and simultaneously triggering a device reset. The race condition causes a kernel task to block indefinitely on rtnl_lock, as seen in the stack trace where hclge_reset_prepare waits for the lock. No authentication beyond the ability to issue these operations is required.
Impact
The deadlock results in a denial of service (DoS) condition—system processes hang, affecting networking functionality and potentially causing the entire system to become unresponsive. The vulnerability affects kernel versions prior to the fix.
Mitigation
The fix is included in the Linux kernel stable tree via commits [1] and [2]. It uses the HNS3_NIC_STATE_DOWN flag to protect napi_disable() and napi_enable(), similar to the approach in ndo_stop() and ndo_start(). Users should apply the latest kernel updates to prevent exploitation.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
4d9f609cb50eb743f7c1762e0ef2d6bf96956ac6257a3ae5dVulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4News mentions
0No linked articles in our index yet.