CVE-2023-54045 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

audit: fix possible soft lockup in __audit_inode_child()

Tracefs or debugfs maybe cause hundreds to thousands of PATH records,
too many PATH records maybe cause soft lockup.

For example:
1. CONFIG_KASAN=y && CONFIG_PREEMPTION=n
2. auditctl -a exit,always -S open -k key
3. sysctl -w kernel.watchdog_thresh=5
4. mkdir /sys/kernel/debug/tracing/instances/test

There may be a soft lockup as follows:
watchdog: BUG: soft lockup - CPU#45 stuck for 7s! [mkdir:15498]
Kernel panic - not syncing: softlockup: hung tasks
Call trace:
dump_backtrace+0x0/0x30c
show_stack+0x20/0x30
dump_stack+0x11c/0x174
panic+0x27c/0x494
watchdog_timer_fn+0x2bc/0x390
__run_hrtimer+0x148/0x4fc
__hrtimer_run_queues+0x154/0x210
hrtimer_interrupt+0x2c4/0x760
arch_timer_handler_phys+0x48/0x60
handle_percpu_devid_irq+0xe0/0x340
__handle_domain_irq+0xbc/0x130
gic_handle_irq+0x78/0x460
el1_irq+0xb8/0x140
__audit_inode_child+0x240/0x7bc
tracefs_create_file+0x1b8/0x2a0
trace_create_file+0x18/0x50
event_create_dir+0x204/0x30c
__trace_add_new_event+0xac/0x100
event_trace_add_tracer+0xa0/0x130
trace_array_create_dir+0x60/0x140
trace_array_create+0x1e0/0x370
instance_mkdir+0x90/0xd0
tracefs_syscall_mkdir+0x68/0xa0
vfs_mkdir+0x21c/0x34c
do_mkdirat+0x1b4/0x1d4
__arm64_sys_mkdirat+0x4c/0x60
el0_svc_common.constprop.0+0xa8/0x240
do_el0_svc+0x8c/0xc0
el0_svc+0x20/0x30
el0_sync_handler+0xb0/0xb4
el0_sync+0x160/0x180

Therefore, we add cond_resched() to __audit_inode_child() to fix it.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00049.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`5195d8e217a78697152d64fc09a16e063a022465`	affected	< d061e2bfc20f2914656385816e0d20566213c54c
`5195d8e217a78697152d64fc09a16e063a022465`	affected	< 1640c7bd4eddec6c72f3a99cbb74e333a2ce9f5d
`5195d8e217a78697152d64fc09a16e063a022465`	affected	< f6364fa751d7486502c777f124a14d4d543fc5eb
`5195d8e217a78697152d64fc09a16e063a022465`	affected	< 98ef243d5900d75a64539a2165745bffbb155d43
`5195d8e217a78697152d64fc09a16e063a022465`	affected	< 0152e7758cc4e9f8bfba8dbea4438d8e488d6c08
`5195d8e217a78697152d64fc09a16e063a022465`	affected	< 9ca08adb75fb40a8f742c371927ee73f9dc753bf
`5195d8e217a78697152d64fc09a16e063a022465`	affected	< 8a40b491372966ba5426e138a53460985565d5a6
`5195d8e217a78697152d64fc09a16e063a022465`	affected	< 8e76b944a7b9bddef190ffe2e29c9ae342ab91ed
`5195d8e217a78697152d64fc09a16e063a022465`	affected	< b59bc6e37237e37eadf50cd5de369e913f524463

Linux

affected

Version	Status	Constraints
`3.3`	affected	—
`0`	unaffected	< 3.3
`4.14.326`	unaffected	≤ 4.14.*
`4.19.295`	unaffected	≤ 4.19.*
`5.4.257`	unaffected	≤ 5.4.*
`5.10.195`	unaffected	≤ 5.10.*
`5.15.132`	unaffected	≤ 5.15.*
`6.1.53`	unaffected	≤ 6.1.*
`6.4.16`	unaffected	≤ 6.4.*
`6.5.3`	unaffected	≤ 6.5.*
`6.6`	unaffected	≤ *

No data.

Project Subscriptions

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/0152e7758cc4e9f8bfba8dbea4438d8e488d6c08
https://git.kernel.org/stable/c/1640c7bd4eddec6c72f3a99cbb74e333a2ce9f5d
https://git.kernel.org/stable/c/8a40b491372966ba5426e138a53460985565d5a6
https://git.kernel.org/stable/c/8e76b944a7b9bddef190ffe2e29c9ae342ab91ed
https://git.kernel.org/stable/c/98ef243d5900d75a64539a2165745bffbb155d43
https://git.kernel.org/stable/c/9ca08adb75fb40a8f742c371927ee73f9dc753bf
https://git.kernel.org/stable/c/b59bc6e37237e37eadf50cd5de369e913f524463
https://git.kernel.org/stable/c/d061e2bfc20f2914656385816e0d20566213c54c
https://git.kernel.org/stable/c/f6364fa751d7486502c777f124a14d4d543fc5eb
https://lore.kernel.org/linux-cve-announce/2025122423-CVE-2023-54045-e0ff@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2023-54045
https://www.cve.org/CVERecord?id=CVE-2023-54045

History

Thu, 25 Dec 2025 12:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025122423-CVE-2023-54045-e0ff@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2023-54045 https://www.cve.org/CVERecord?id=CVE-2023-54045
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Wed, 24 Dec 2025 12:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: audit: fix possible soft lockup in __audit_inode_child() Tracefs or debugfs maybe cause hundreds to thousands of PATH records, too many PATH records maybe cause soft lockup. For example: 1. CONFIG_KASAN=y && CONFIG_PREEMPTION=n 2. auditctl -a exit,always -S open -k key 3. sysctl -w kernel.watchdog_thresh=5 4. mkdir /sys/kernel/debug/tracing/instances/test There may be a soft lockup as follows: watchdog: BUG: soft lockup - CPU#45 stuck for 7s! [mkdir:15498] Kernel panic - not syncing: softlockup: hung tasks Call trace: dump_backtrace+0x0/0x30c show_stack+0x20/0x30 dump_stack+0x11c/0x174 panic+0x27c/0x494 watchdog_timer_fn+0x2bc/0x390 __run_hrtimer+0x148/0x4fc __hrtimer_run_queues+0x154/0x210 hrtimer_interrupt+0x2c4/0x760 arch_timer_handler_phys+0x48/0x60 handle_percpu_devid_irq+0xe0/0x340 __handle_domain_irq+0xbc/0x130 gic_handle_irq+0x78/0x460 el1_irq+0xb8/0x140 __audit_inode_child+0x240/0x7bc tracefs_create_file+0x1b8/0x2a0 trace_create_file+0x18/0x50 event_create_dir+0x204/0x30c __trace_add_new_event+0xac/0x100 event_trace_add_tracer+0xa0/0x130 trace_array_create_dir+0x60/0x140 trace_array_create+0x1e0/0x370 instance_mkdir+0x90/0xd0 tracefs_syscall_mkdir+0x68/0xa0 vfs_mkdir+0x21c/0x34c do_mkdirat+0x1b4/0x1d4 __arm64_sys_mkdirat+0x4c/0x60 el0_svc_common.constprop.0+0xa8/0x240 do_el0_svc+0x8c/0xc0 el0_svc+0x20/0x30 el0_sync_handler+0xb0/0xb4 el0_sync+0x160/0x180 Therefore, we add cond_resched() to __audit_inode_child() to fix it.
Title		audit: fix possible soft lockup in __audit_inode_child()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0152e7758cc4e9f8bfba8dbea4438d8e488d6c08 https://git.kernel.org/stable/c/1640c7bd4eddec6c72f3a99cbb74e333a2ce9f5d https://git.kernel.org/stable/c/8a40b491372966ba5426e138a53460985565d5a6 https://git.kernel.org/stable/c/8e76b944a7b9bddef190ffe2e29c9ae342ab91ed https://git.kernel.org/stable/c/98ef243d5900d75a64539a2165745bffbb155d43 https://git.kernel.org/stable/c/9ca08adb75fb40a8f742c371927ee73f9dc753bf https://git.kernel.org/stable/c/b59bc6e37237e37eadf50cd5de369e913f524463 https://git.kernel.org/stable/c/d061e2bfc20f2914656385816e0d20566213c54c https://git.kernel.org/stable/c/f6364fa751d7486502c777f124a14d4d543fc5eb

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-24T12:22:56.742Z

Updated: 2025-12-24T12:22:56.742Z

Reserved: 2025-12-24T10:53:46.182Z

Link: CVE-2023-54045

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-12-24T13:16:06.147

Modified: 2025-12-29T15:58:34.503

Link: CVE-2023-54045

Redhat

Severity : Low

Publid Date: 2025-12-24T00:00:00Z

Links: CVE-2023-54045 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object