{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-53799", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-08T23:58:35.275Z", "datePublished": "2025-12-09T00:00:55.629Z", "dateUpdated": "2025-12-09T00:00:55.629Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-09T00:00:55.629Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: api - Use work queue in crypto_destroy_instance\n\nThe function crypto_drop_spawn expects to be called in process\ncontext. However, when an instance is unregistered while it still\nhas active users, the last user may cause the instance to be freed\nin atomic context.\n\nFix this by delaying the freeing to a work queue."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["crypto/algapi.c", "include/crypto/algapi.h"], "versions": [{"version": "6bfd48096ff8ecabf955958b51ddfa7988eb0a14", "lessThan": "625bf86bf53eb7a8ee60fb9dc45b272b77e5ce1c", "status": "affected", "versionType": "git"}, {"version": "6bfd48096ff8ecabf955958b51ddfa7988eb0a14", "lessThan": "048545d9fc6424b0a11e7e8771225bb9afe09422", "status": "affected", "versionType": "git"}, {"version": "6bfd48096ff8ecabf955958b51ddfa7988eb0a14", "lessThan": "c4cb61c5f976183c07d16b0071f0c60bc212ef1f", "status": "affected", "versionType": "git"}, {"version": "6bfd48096ff8ecabf955958b51ddfa7988eb0a14", "lessThan": "867a146690960ac7b89ce40f4ee60dd32eeb1682", "status": "affected", "versionType": "git"}, {"version": "6bfd48096ff8ecabf955958b51ddfa7988eb0a14", "lessThan": "c0dbcebc7f390ec7dbe010dcc22c60f0c6bfc26d", "status": "affected", "versionType": "git"}, {"version": "6bfd48096ff8ecabf955958b51ddfa7988eb0a14", "lessThan": "9ae4577bc077a7e32c3c7d442c95bc76865c0f17", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["crypto/algapi.c", "include/crypto/algapi.h"], "versions": [{"version": "2.6.19", "status": "affected"}, {"version": "0", "lessThan": "2.6.19", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.195", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.132", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.53", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.4.16", "lessThanOrEqual": "6.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.5.3", "lessThanOrEqual": "6.5.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.19", "versionEndExcluding": "5.10.195"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.19", "versionEndExcluding": "5.15.132"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.19", "versionEndExcluding": "6.1.53"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.19", "versionEndExcluding": "6.4.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.19", "versionEndExcluding": "6.5.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.19", "versionEndExcluding": "6.6"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/625bf86bf53eb7a8ee60fb9dc45b272b77e5ce1c"}, {"url": "https://git.kernel.org/stable/c/048545d9fc6424b0a11e7e8771225bb9afe09422"}, {"url": "https://git.kernel.org/stable/c/c4cb61c5f976183c07d16b0071f0c60bc212ef1f"}, {"url": "https://git.kernel.org/stable/c/867a146690960ac7b89ce40f4ee60dd32eeb1682"}, {"url": "https://git.kernel.org/stable/c/c0dbcebc7f390ec7dbe010dcc22c60f0c6bfc26d"}, {"url": "https://git.kernel.org/stable/c/9ae4577bc077a7e32c3c7d442c95bc76865c0f17"}], "title": "crypto: api - Use work queue in crypto_destroy_instance", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: api - Use work queue in crypto_destroy_instance\n\nThe function crypto_drop_spawn expects to be called in process\ncontext. However, when an instance is unregistered while it still\nhas active users, the last user may cause the instance to be freed\nin atomic context.\n\nFix this by delaying the freeing to a work queue."}], "id": "CVE-2023-53799", "lastModified": "2025-12-09T18:37:13.640", "metrics": {}, "published": "2025-12-09T01:16:51.597", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/048545d9fc6424b0a11e7e8771225bb9afe09422"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/625bf86bf53eb7a8ee60fb9dc45b272b77e5ce1c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/867a146690960ac7b89ce40f4ee60dd32eeb1682"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9ae4577bc077a7e32c3c7d442c95bc76865c0f17"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c0dbcebc7f390ec7dbe010dcc22c60f0c6bfc26d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c4cb61c5f976183c07d16b0071f0c60bc212ef1f"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: crypto: api - Use work queue in crypto_destroy_instance", "id": "2420283", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420283"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\ncrypto: api - Use work queue in crypto_destroy_instance\nThe function crypto_drop_spawn expects to be called in process\ncontext. However, when an instance is unregistered while it still\nhas active users, the last user may cause the instance to be freed\nin atomic context.\nFix this by delaying the freeing to a work queue."], "name": "CVE-2023-53799", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-12-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-53799\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53799\nhttps://lore.kernel.org/linux-cve-announce/2025120942-CVE-2023-53799-8397@gregkh/T"], "threat_severity": "Important"}