CVE-2023-53135
📋 TL;DR
This is an out-of-bounds stack read in the Linux kernel's RISC-V stack unwinder (walk_stackframe). When CONFIG_FRAME_POINTER is disabled and KASAN (Kernel Address Sanitizer) is enabled, the unwinder runs in its imprecise mode and can read beyond the stack boundaries during kernel initialization; KASAN reports this as a stack-out-of-bounds bug, which can crash or destabilize the kernel. It affects Linux systems running on RISC-V hardware.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic during boot or system instability leading to denial of service, potentially requiring physical access to recover the system.
Likely Case
Kernel panic during boot when KASAN is enabled, preventing system startup.
If Mitigated
No impact if KASAN is disabled or CONFIG_FRAME_POINTER is enabled.
🎯 Exploit Status
This appears to be a self-triggering bug during kernel initialization rather than an externally exploitable vulnerability. The issue manifests during boot when specific kernel configurations are used.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing the fix commits listed under References
Vendor Advisory: https://git.kernel.org/stable/c/17fa90ffba20743c946920fbb0afe160d0ead8c9
Restart Required: Yes
Instructions:
1. Update to a kernel version containing the fix commits.
2. For custom kernels, apply the patch that replaces the vulnerable stack reads with READ_ONCE_NOCHECK in the RISC-V stack unwinding code.
3. Recompile and install the kernel.
4. Reboot the system.
🔧 Temporary Workarounds
Enable CONFIG_FRAME_POINTER
Platform: linux. Enable frame pointer support in the kernel configuration to avoid the imprecise unwinding mode.
Enable CONFIG_FRAME_POINTER=y in kernel configuration and rebuild
Disable KASAN
Platform: linux. Disable the Kernel Address Sanitizer if it is not needed for debugging.
Set CONFIG_KASAN=n in kernel configuration and rebuild
🧯 If You Can't Patch
- Ensure KASAN is disabled in kernel configuration for production systems
- Enable CONFIG_FRAME_POINTER to use precise stack unwinding instead of imprecise mode
🔍 How to Verify
Check if Vulnerable:
Check the kernel configuration for the CONFIG_FRAME_POINTER and CONFIG_KASAN settings. If CONFIG_FRAME_POINTER=n and CONFIG_KASAN=y on a RISC-V kernel, the system may be vulnerable.
Check Version:
uname -r
Verify Fix Applied:
Check that the kernel version includes the fix commits, or verify that the walk_stackframe function uses READ_ONCE_NOCHECK for stack reads in imprecise mode.
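The configuration check above, as an added example (not part of the advisory): a POSIX shell script that reads a kernel .config (plain or gzipped, e.g. /proc/config.gz) and reports whether the CVE-2023-53135 precondition (RISC-V, CONFIG_FRAME_POINTER off, CONFIG_KASAN on) is present. The output labels "precondition-present", "precondition-absent" and "not-riscv", and the sample config files, are constructed for this example; a "precondition-present" result still has to be combined with the fix-commit check, since a patched kernel can carry the same options.

```shell
#!/bin/sh
# Added example: classify a kernel config for the CVE-2023-53135 precondition.
# Not from the advisory; output labels are our own convention.

# Print the value of one CONFIG_ option ("y", "m", or a string).
# Prints "n" when the option is absent or listed as "# ... is not set".
config_value() {
    file=$1; opt=$2
    if [ "${file##*.}" = "gz" ]; then
        val=$(gzip -dc "$file" | grep -E "^${opt}=" | head -n1)
    else
        val=$(grep -E "^${opt}=" "$file" | head -n1)
    fi
    [ -n "$val" ] && printf '%s\n' "${val#*=}" || printf 'n\n'
}

# classify_config <config-file> <machine-name-from-uname -m>
classify_config() {
    file=$1; arch=$2
    case "$arch" in
        riscv*) ;;                          # riscv32 / riscv64
        *) echo "not-riscv"; return 0 ;;    # bug is RISC-V specific
    esac
    fp=$(config_value "$file" CONFIG_FRAME_POINTER)
    kasan=$(config_value "$file" CONFIG_KASAN)
    # Vulnerable combination: imprecise unwinding (no frame pointer) plus KASAN.
    if [ "$fp" != "y" ] && [ "$kasan" = "y" ]; then
        echo "precondition-present"
    else
        echo "precondition-absent"
    fi
}

# Constructed sample configs so the script can be exercised offline.
tmp=$(mktemp -d)
printf '# CONFIG_FRAME_POINTER is not set\nCONFIG_KASAN=y\n' > "$tmp/bad.config"
printf 'CONFIG_FRAME_POINTER=y\nCONFIG_KASAN=y\n' > "$tmp/good.config"
printf 'CONFIG_KASAN=n\n' > "$tmp/nokasan.config"

# Live check on the running system, if a config is readable.
cfg=/proc/config.gz
[ -r "$cfg" ] || cfg="/boot/config-$(uname -r)"
if [ -r "$cfg" ]; then
    classify_config "$cfg" "$(uname -m)"
fi
```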
📡 Detection & Monitoring
Log Indicators:
- Kernel panic during boot with KASAN stack-out-of-bounds errors
- 'BUG: KASAN: stack-out-of-bounds in walk_stackframe+' messages in kernel logs
SIEM Query:
Search for 'KASAN: stack-out-of-bounds' AND 'walk_stackframe' in kernel/system logs
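The log indicators above turned into a small triage script, as an added example that is not part of the advisory: it walks a kernel log, pairs each "BUG: KASAN:" header with the following "by task" line of the same report, and flags the stack-out-of-bounds-in-walk_stackframe combination while leaving other KASAN reports labelled "other". The sample log, its timestamps, addresses, symbol offsets and the second function name are constructed; the layout follows the standard KASAN report format.

```shell
#!/bin/sh
# Added example: summarise KASAN reports from a kernel log and flag the
# CVE-2023-53135 pattern. Not from the advisory.

# kasan_summary < logfile
# Prints one line per KASAN report: "<bug-type> <function> <task> <flag>"
kasan_summary() {
    awk '
        /BUG: KASAN: / {
            # Header: "... BUG: KASAN: <type> in <func>+0x<off>/<size>"
            n = split($0, f, " ")
            for (i = 1; i <= n; i++)
                if (f[i] == "KASAN:") { type = f[i+1]; fn = f[i+3]; break }
            sub(/\+.*/, "", fn)          # strip "+0x.../0x..." offset
            inreport = 1; next
        }
        inreport && /by task/ {
            task = $NF                   # "<comm>/<pid>" is the last field
            flag = (type == "stack-out-of-bounds" && fn == "walk_stackframe") \
                   ? "CVE-2023-53135-pattern" : "other"
            print type, fn, task, flag
            inreport = 0
        }
    '
}

# Constructed sample log (timestamps, addresses and offsets are made up).
tmp=$(mktemp -d)
cat > "$tmp/sample.log" <<'EOF'
[    0.812345] ==================================================================
[    0.812400] BUG: KASAN: stack-out-of-bounds in walk_stackframe+0x1a2/0x2b0
[    0.812450] Read of size 8 at addr ffffffc00c037d50 by task swapper/0/1
[    0.812500]
[    1.000000] BUG: KASAN: slab-out-of-bounds in some_driver_probe+0x44/0x120
[    1.000100] Read of size 4 at addr ffffff8003a1c010 by task kworker/0:1/12
EOF

kasan_summary < "$tmp/sample.log"
```

On a live system feed it `dmesg` or the journal's kernel messages (journalctl -k) instead of the sample file.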
🔗 References
- https://git.kernel.org/stable/c/17fa90ffba20743c946920fbb0afe160d0ead8c9
- https://git.kernel.org/stable/c/324912d6c0c4006711054d389faa2239c1655e1e
- https://git.kernel.org/stable/c/3a9418d2c93c1c86ce4d0595112d91c7a8e70c2c
- https://git.kernel.org/stable/c/3de277af481ab931fab9e295ad8762692920732a
- https://git.kernel.org/stable/c/76950340cf03b149412fe0d5f0810e52ac1df8cb
- https://git.kernel.org/stable/c/a99a61d9e1bfca2fc37d223a6a185c0eb66aba02