CVE-2023-52993 – A Linux kernel vulnerability where legacy PIC i... (How to Fix)

Q: What is the severity of CVE-2023-52993?

CVE-2023-52993 has a CVSS score of 5.5 (MEDIUM). A Linux kernel vulnerability where legacy PIC interrupts aren't properly marked as level-triggered, causing the kernel to incorrectly resend timer interrupts in software. This can trigger a NULL pointer dereference during crash recovery, potentially preventing crash-kernel boot. Affects Linux systems using legacy PIC interrupts.

📋 TL;DR

A Linux kernel vulnerability where legacy PIC interrupts aren't properly marked as level-triggered, causing the kernel to incorrectly resend timer interrupts in software. This can trigger a NULL pointer dereference during crash recovery, potentially preventing crash-kernel boot. Affects Linux systems using legacy PIC interrupts.

💻 Affected Systems

Products:

Linux kernel

Versions: Specific affected versions not explicitly stated in CVE, but patches target stable kernel branches

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems using legacy PIC interrupts (typically older hardware or specific configurations). Systems using APIC mode exclusively may not be affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

System crash or kernel panic during crash recovery, preventing successful boot of crash-kernel for forensic analysis.

🟠

Likely Case

Intermittent system instability during crash scenarios, with crash-kernel failing to boot approximately 50% of the time as reported.

🟢

If Mitigated

Minimal impact if system doesn't experience crashes requiring crash-kernel recovery.

🌐 Internet-Facing: LOW - Requires local system crash to trigger, not directly exploitable via network.

🏢 Internal Only: MEDIUM - Affects system reliability during crash recovery scenarios, which could impact availability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: NO

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires triggering a system crash first, then relying on the bug during crash-kernel boot. Not a direct remote or local privilege escalation vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in stable kernel branches via provided git commits

Vendor Advisory: https://git.kernel.org/stable/c/0b08201158f177aab469e356b4d6af24fdd118df

Restart Required: Yes

Instructions:

1. Identify current kernel version. 2. Apply appropriate kernel patch from provided git commits. 3. Rebuild kernel if using custom kernel. 4. Reboot system with patched kernel.

🔧 Temporary Workarounds

Force APIC mode

linux

Configure system to use APIC mode instead of legacy PIC interrupts if hardware supports it

Add 'nolapic' or 'noapic' kernel boot parameters to force APIC mode (check hardware compatibility)

🧯 If You Can't Patch

Ensure crash-kernel functionality is not critical for your use case
Implement robust system monitoring to detect and alert on crashes

🔍 How to Verify

Check if Vulnerable:

Check kernel version and configuration for legacy PIC usage. Examine /proc/interrupts for IRQ0 legacy timer entries.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits. Test crash recovery functionality if possible.

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages during crash recovery
NULL pointer dereference errors in kernel logs related to timer interrupts
Failed crash-kernel boot attempts

Network Indicators:

None - this is a local kernel issue

SIEM Query:

source="kernel" AND ("NULL pointer dereference" OR "IRQ0" OR "crash-kernel failed")

📊 Metadata

CVE ID: CVE-2023-52993

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

EPSS Score: 0.02% exploit probability (4.8th percentile)

Published: March 27, 2025

Last Updated: October 1, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-52993, you might also want to check these: