2420283 – (CVE-2023-53799) CVE-2023-53799 kernel: crypto: api - Use work queue in crypto_destroy_instance

Bug 2420283 (CVE-2023-53799) - CVE-2023-53799 kernel: crypto: api - Use work queue in crypto_destroy_instance

Summary: CVE-2023-53799 kernel: crypto: api - Use work queue in crypto_destroy_instance

Keywords:
Status:	NEW
Alias:	CVE-2023-53799
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-12-09 01:05 UTC by OSIDB Bzimport
Modified:	2025-12-10 04:36 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-12-09 01:05:44 UTC

In the Linux kernel, the following vulnerability has been resolved:

crypto: api - Use work queue in crypto_destroy_instance

The function crypto_drop_spawn expects to be called in process
context.  However, when an instance is unregistered while it still
has active users, the last user may cause the instance to be freed
in atomic context.

Fix this by delaying the freeing to a work queue.

Comment 1 Alexander B 2025-12-10 04:32:58 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025120942-CVE-2023-53799-8397@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.