CVE-2023-53799

medium

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: api - Use work queue in crypto_destroy_instance The function crypto_drop_spawn expects to be called in process context. However, when an instance is unregistered while it still has active users, the last user may cause the instance to be freed in atomic context. Fix this by delaying the freeing to a work queue.

References

https://git.kernel.org/stable/c/c4cb61c5f976183c07d16b0071f0c60bc212ef1f

https://git.kernel.org/stable/c/c0dbcebc7f390ec7dbe010dcc22c60f0c6bfc26d

https://git.kernel.org/stable/c/9ae4577bc077a7e32c3c7d442c95bc76865c0f17

https://git.kernel.org/stable/c/867a146690960ac7b89ce40f4ee60dd32eeb1682

https://git.kernel.org/stable/c/625bf86bf53eb7a8ee60fb9dc45b272b77e5ce1c

https://git.kernel.org/stable/c/048545d9fc6424b0a11e7e8771225bb9afe09422

Details

Source: Mitre, NVD

Published: 2025-12-09

Updated: 2025-12-09

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Severity: High

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00024