{"id":"CVE-2023-54316","summary":"refscale: Fix uninitalized use of wait_queue_head_t","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nrefscale: Fix uninitalized use of wait_queue_head_t\n\nRunning the refscale test occasionally crashes the kernel with the\nfollowing error:\n\n[ 8569.952896] BUG: unable to handle page fault for address: ffffffffffffffe8\n[ 8569.952900] #PF: supervisor read access in kernel mode\n[ 8569.952902] #PF: error_code(0x0000) - not-present page\n[ 8569.952904] PGD c4b048067 P4D c4b049067 PUD c4b04b067 PMD 0\n[ 8569.952910] Oops: 0000 [#1] PREEMPT_RT SMP NOPTI\n[ 8569.952916] Hardware name: Dell Inc. PowerEdge R750/0WMWCR, BIOS 1.2.4 05/28/2021\n[ 8569.952917] RIP: 0010:prepare_to_wait_event+0x101/0x190\n  :\n[ 8569.952940] Call Trace:\n[ 8569.952941]  \u003cTASK\u003e\n[ 8569.952944]  ref_scale_reader+0x380/0x4a0 [refscale]\n[ 8569.952959]  kthread+0x10e/0x130\n[ 8569.952966]  ret_from_fork+0x1f/0x30\n[ 8569.952973]  \u003c/TASK\u003e\n\nThe likely cause is that init_waitqueue_head() is called after the call to\nthe torture_create_kthread() function that creates the ref_scale_reader\nkthread.  Although this init_waitqueue_head() call will very likely\ncomplete before this kthread is created and starts running, it is\npossible that the calling kthread will be delayed between the calls to\ntorture_create_kthread() and init_waitqueue_head().  In this case, the\nnew kthread will use the waitqueue head before it is properly initialized,\nwhich is not good for the kernel's health and well-being.\n\nThe above crash happened here:\n\n\tstatic inline void __add_wait_queue(...)\n\t{\n\t\t:\n\t\tif (!(wq-\u003eflags & WQ_FLAG_PRIORITY)) \u003c=== Crash here\n\nThe offset of flags from list_head entry in wait_queue_entry is\n-0x18. If reader_tasks[i].wq.head.next is NULL as allocated reader_task\nstructure is zero initialized, the instruction will try to access address\n0xffffffffffffffe8, which is exactly the fault address listed above.\n\nThis commit therefore invokes init_waitqueue_head() before creating\nthe kthread.","modified":"2026-03-31T17:29:47.320644Z","published":"2025-12-30T12:23:46.526Z","related":["SUSE-SU-2026:0278-1","SUSE-SU-2026:0281-1","SUSE-SU-2026:0293-1","SUSE-SU-2026:0315-1","SUSE-SU-2026:20477-1","SUSE-SU-2026:20498-1","SUSE-SU-2026:20845-1","SUSE-SU-2026:20876-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54316.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/066fbd8bc981cf49923bf828b7b4092894df577f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/70a2856fd1d0a040c876ba9e3f89b949ae92e4dd"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e0322a255a2242dbe4686b6176b3c83dea490529"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e5de968a9032366198720eac4f368ed7e690b3ef"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ec9d118ad99dc6f1bc674c1e649c25533d89b9ba"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f5063e8948dad7f31adb007284a5d5038ae31bb8"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54316.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-54316"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"653ed64b01dc5989f8f579d0038e987476c2c023"},{"fixed":"066fbd8bc981cf49923bf828b7b4092894df577f"},{"fixed":"ec9d118ad99dc6f1bc674c1e649c25533d89b9ba"},{"fixed":"e0322a255a2242dbe4686b6176b3c83dea490529"},{"fixed":"e5de968a9032366198720eac4f368ed7e690b3ef"},{"fixed":"70a2856fd1d0a040c876ba9e3f89b949ae92e4dd"},{"fixed":"f5063e8948dad7f31adb007284a5d5038ae31bb8"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-54316.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.9.0"},{"fixed":"5.10.195"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.132"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.53"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.4.16"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.5.0"},{"fixed":"6.5.3"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-54316.json"}}],"schema_version":"1.7.5"}