CVE intelligence and bounded remediation
CVE-2023-53368 — Linux Linux Kernel security vulnerability
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix race issue between cpu buffer write and swap Warning happened in rb_end_commit() at code: if (RB_WARN_ON(cpu_buffer, !local_read(&cpu_buffer->committing))) WARNING: CPU: 0 PID: 139 at kernel/trace/ring_buffer.c:3142 rb_commit+0x402/0x4a0 Call Trace: ring_buffer_unlock_commit+0x42/0x250 trace_buffer_unlock_commit_regs+0x3b/0x250 trace_event_buffer_commit+0xe5/0x440 trace_event_buffer_reserve+0x11c/0x150 trace_event_raw_event_sched_switch+0x23c/0x2c0 __traceiter_sched_switch+0x59/0x80 __schedule+0x72b/0x1580 schedule+0x92/0x120 worker_thread+0xa0/0x6f0 It is because the race between writing event into cpu buffer and swapping cpu buffer through file per_cpu/cpu0/snapshot: Write on CPU 0 Swap buffer by per_cpu/cpu0/snapshot on CPU 1 -------- -------- tracing_snapshot_write() [...] ring_buffer_lock_reserve() cpu_buffer = buffer->buffers[cpu]; // 1. Suppose find 'cpu_buffer_a'; [...] rb_reserve_next_event() [...] ring_buffer_swap_cpu() if (local_read(&cpu_buffer_a->committing)) goto out_dec; if (local_read(&cpu_buffer_b->committing)) goto out_dec; buffer_a->buffers[cpu] = cpu_buffer_b; buffer_b->buffers[cpu…
- Severity
- Medium
- CVSS
- 4.7 (3.1)
- Published
- 2025-09-17
- CISA KEV
- Not currently listed
- Ecosystem
- linux/kernel
- Weaknesses
- CWE-362
Affected products
- linux / linux_kernel
Matched remediation archetype
Race condition, TOCTOU, and lifecycle synchronization
This catalog composition supplies bounded fallback guidance. Explicitly reviewed curated workflows load with the complete record below.
Check exposure
- Map concurrent actors, shared state, lock boundaries, signals, callbacks, retries, and check-then-use sequences in the affected path.
- Determine whether untrusted users can influence timing, object names, filesystem state, or repeated state transitions.
- Identify clustered and multi-process behavior that repository-local tests may not represent.
Remediate safely
- Make the sensitive state transition atomic or protect it with a consistently ordered synchronization primitive.
- Perform authorization and invariant checks on the same authoritative object and transaction used for the operation.
- Use unique private resources, safe ownership transfer, and idempotent operations; add deterministic concurrency regression tests.
Authoritative sources
Complete CVE record and remediation plan
The detailed catalog view below loads this exact record, its source evidence, and the full seven-phase agentic change plan.