{"id":"CVE-2023-53287","summary":"usb: cdns3: Put the cdns set active part outside the spin lock","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdns3: Put the cdns set active part outside the spin lock\n\nThe device may be scheduled during the resume process,\nso this cannot appear in atomic operations. Since\npm_runtime_set_active will resume suppliers, put set\nactive outside the spin lock, which is only used to\nprotect the struct cdns data structure, otherwise the\nkernel will report the following warning:\n\n  BUG: sleeping function called from invalid context at drivers/base/power/runtime.c:1163\n  in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 651, name: sh\n  preempt_count: 1, expected: 0\n  RCU nest depth: 0, expected: 0\n  CPU: 0 PID: 651 Comm: sh Tainted: G        WC         6.1.20 #1\n  Hardware name: Freescale i.MX8QM MEK (DT)\n  Call trace:\n    dump_backtrace.part.0+0xe0/0xf0\n    show_stack+0x18/0x30\n    dump_stack_lvl+0x64/0x80\n    dump_stack+0x1c/0x38\n    __might_resched+0x1fc/0x240\n    __might_sleep+0x68/0xc0\n    __pm_runtime_resume+0x9c/0xe0\n    rpm_get_suppliers+0x68/0x1b0\n    __pm_runtime_set_status+0x298/0x560\n    cdns_resume+0xb0/0x1c0\n    cdns3_controller_resume.isra.0+0x1e0/0x250\n    cdns3_plat_resume+0x28/0x40","modified":"2026-04-11T12:46:44.398461Z","published":"2025-09-16T08:11:20.304Z","related":["SUSE-SU-2025:03600-1","SUSE-SU-2025:03615-1","SUSE-SU-2025:03634-1","SUSE-SU-2025:20851-1","SUSE-SU-2025:20861-1","SUSE-SU-2025:20870-1","SUSE-SU-2025:20898-1","SUSE-SU-2025:3751-1","SUSE-SU-2025:3761-1","SUSE-SU-2025:4057-1","SUSE-SU-2025:4132-1","SUSE-SU-2025:4141-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53287.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/2319b9c87fe243327285f2fefd7374ffd75a65fc"},{"type":"WEB","url":"https://git.kernel.org/stable/c/bbc9c3652708108738009e096d608ece3cd9fa8a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c861a61be6d30538ebcf7fcab1d43f244e298840"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d3f372ec95b89776f72d5c9a475424e27734c223"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53287.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53287"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"7733f6c32e36ff9d7adadf40001039bf219b1cbe"},{"fixed":"c861a61be6d30538ebcf7fcab1d43f244e298840"},{"fixed":"bbc9c3652708108738009e096d608ece3cd9fa8a"},{"fixed":"d3f372ec95b89776f72d5c9a475424e27734c223"},{"fixed":"2319b9c87fe243327285f2fefd7374ffd75a65fc"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53287.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.4.0"},{"fixed":"5.15.133"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.55"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.5.5"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53287.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}