CVE-2023-54160
Description
In the Linux kernel, the following vulnerability has been resolved:
firmware: arm_sdei: Fix sleep from invalid context BUG
Running a preempt-rt (v6.2-rc3-rt1) based kernel on an Ampere Altra triggers:
  BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46
  in_atomic(): 0, irqs_disabled(): 128, non_block: 0, pid: 24, name: cpuhp/0
  preempt_count: 0, expected: 0
  RCU nest depth: 0, expected: 0
  3 locks held by cpuhp/0/24:
   #0: ffffda30217c70d0 (cpu_hotplug_lock){++++}-{0:0}, at: cpuhp_thread_fun+0x5c/0x248
   #1: ffffda30217c7120 (cpuhp_state-up){+.+.}-{0:0}, at: cpuhp_thread_fun+0x5c/0x248
   #2: ffffda3021c711f0 (sdei_list_lock){....}-{3:3}, at: sdei_cpuhp_up+0x3c/0x130
  irq event stamp: 36
  hardirqs last enabled at (35): [] finish_task_switch+0xb4/0x2b0
  hardirqs last disabled at (36): [] cpuhp_thread_fun+0x21c/0x248
  softirqs last enabled at (0): [] copy_process+0x63c/0x1ac0
  softirqs last disabled at (0): [<0000000000000000>] 0x0
  CPU: 0 PID: 24 Comm: cpuhp/0 Not tainted 5.19.0-rc3-rt5-[...]
  Hardware name: WIWYNN Mt.Jade Server [...]
  Call trace:
    dump_backtrace+0x114/0x120
    show_stack+0x20/0x70
    dump_stack_lvl+0x9c/0xd8
    dump_stack+0x18/0x34
    __might_resched+0x188/0x228
    rt_spin_lock+0x70/0x120
    sdei_cpuhp_up+0x3c/0x130
    cpuhp_invoke_callback+0x250/0xf08
    cpuhp_thread_fun+0x120/0x248
    smpboot_thread_fn+0x280/0x320
    kthread+0x130/0x140
    ret_from_fork+0x10/0x20
sdei_cpuhp_up() is called in the STARTING hotplug section, which runs with interrupts disabled. Use a CPUHP_AP_ONLINE_DYN entry instead to execute the cpuhp cb later, with preemption enabled.
SDEI originally got its own cpuhp slot to allow interacting with perf. It got superseded by pNMI and this early slot is not relevant anymore. [1]
Some SDEI calls (e.g. SDEI_1_0_FN_SDEI_PE_MASK) take actions on the calling CPU. It is checked that preemption is disabled for them. _ONLINE cpuhp cb are executed in the 'per CPU hotplug thread'. Preemption is enabled in those threads, but their cpumask is limited to 1 CPU. Move 'WARN_ON_ONCE(preemptible())' statements so that SDEI cpuhp cb don't trigger them.
Also add a check for the SDEI_1_0_FN_SDEI_PRIVATE_RESET SDEI call which acts on the calling CPU.
[1]: https://lore.kernel.org/all/5813b8c5-ae3e-87fd-fccc-94c9cd08816d@arm.com/
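To check whether a host's kernel log contains this specific report rather than some other sleeping-in-invalid-context splat, the trace above can be matched on its shape. The following is an added example, not code from the kernel commit or the kernel project; the function names, the dmesg-style timestamps and the second (unrelated) report in the sample are constructed for illustration.

```python
import re

SPLAT = "BUG: sleeping function called from invalid context"
TS = re.compile(r"^\[\s*\d+\.\d+\]\s?")          # dmesg timestamp prefix
FIELDS = re.compile(r"irqs_disabled\(\): (\d+).*?pid: (\d+), name: (\S+)")
FRAME = re.compile(r"^\s*([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+\s*$")

def parse_reports(log_text):
    """Return one dict per sleeping-in-invalid-context report in the log."""
    reports, cur, in_trace = [], None, False
    for raw in log_text.splitlines():
        line = TS.sub("", raw)
        if SPLAT in line:
            cur = {"irqs_disabled": None, "pid": None, "comm": None, "frames": []}
            reports.append(cur)
            in_trace = False
        elif cur is None:
            continue                      # nothing to attach this line to yet
        elif (m := FIELDS.search(line)):
            cur.update(irqs_disabled=int(m[1]), pid=int(m[2]), comm=m[3])
        elif line.strip().lower().startswith("call trace"):
            in_trace = True
        elif in_trace and (f := FRAME.match(line)):
            cur["frames"].append(f.group(1))
        else:
            in_trace = False              # any other line ends the call trace
    return reports

def matches_sdei_hotplug_bug(report):
    """True for the page's shape: rt_spin_lock under sdei_cpuhp_up, IRQs off."""
    frames = report["frames"]
    return ("sdei_cpuhp_up" in frames and "rt_spin_lock" in frames
            and frames.index("rt_spin_lock") < frames.index("sdei_cpuhp_up")
            and bool(report["irqs_disabled"]))

# Constructed sample (timestamps and the second report are made up for the demo).
SAMPLE = """\
[   12.000001] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46
[   12.000002] in_atomic(): 0, irqs_disabled(): 128, non_block: 0, pid: 24, name: cpuhp/0
[   12.000003] Call trace:
[   12.000004]  __might_resched+0x188/0x228
[   12.000005]  rt_spin_lock+0x70/0x120
[   12.000006]  sdei_cpuhp_up+0x3c/0x130
[   99.000001] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46
[   99.000002] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 731, name: kworker/1:2
[   99.000003] Call trace:
[   99.000004]  rt_spin_lock+0x70/0x120
[   99.000005]  example_driver_irq+0x1c/0x80
"""
```

Feeding it the output of `dmesg` or a saved console log and filtering with `matches_sdei_hotplug_bug` separates hosts that hit this SDEI hotplug path from hosts reporting other sleeping-lock misuse.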
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A Linux kernel bug in the arm_sdei driver causes a 'sleep from invalid context' BUG during CPU hotplug on PREEMPT_RT systems.
Vulnerability
CVE-2023-54160 is a bug in the Linux kernel's ARM Software Delegated Exception Interface (SDEI) driver. The function sdei_cpuhp_up() is invoked during the CPU hotplug STARTING section, which runs with interrupts disabled. On a PREEMPT_RT kernel, this leads to a BUG: sleeping function called from invalid context because the function attempts to acquire a spinlock that is converted to a sleeping lock on RT, which is not allowed in atomic context [1].
Exploitation
The vulnerability is triggered during normal CPU hotplug operations, such as when a CPU is brought online. The attack surface is local; an attacker would need to be able to trigger CPU hotplug events, which typically requires root privileges or physical access. The bug manifests as a kernel panic (BUG) that can cause a denial of service (system crash) on affected systems [1].
Impact
An attacker who can trigger CPU hotplug on a system running a PREEMPT_RT kernel with the vulnerable SDEI driver can cause a denial of service by crashing the kernel. The impact is limited to availability; there is no evidence of privilege escalation or information disclosure [1].
Mitigation
The fix, committed to the Linux kernel, moves the SDEI CPU hotplug callback from the STARTING section to a CPUHP_AP_ONLINE_DYN entry, which runs later with preemption enabled, avoiding the invalid sleep [1]. Users should apply the kernel patch or update to a kernel version containing the fix.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
References
- git.kernel.org/stable/c/18d5ea5b746120a3972e6c347ad9428228445327 (nvd)
- git.kernel.org/stable/c/48ac727ea4a3577eb1b4e24f807ba532c47930f9 (nvd)
- git.kernel.org/stable/c/59842a9ba27d5390ae5bf3233a92cad3a26d495c (nvd)
- git.kernel.org/stable/c/66caf22787714c925e755719c293aaf3cb0b873b (nvd)
- git.kernel.org/stable/c/7d8f5ccc826b39e05ff252b1fccd808c7a0725e0 (nvd)
- git.kernel.org/stable/c/a8267bc8de736cae927165191b52fbc20d101dd1 (nvd)
- git.kernel.org/stable/c/d2c48b2387eb89e0bf2a2e06e30987cf410acad4 (nvd)