CVE-2023-52813 in Linuxinfo

Summary

by MITRE • 05/21/2024

In the Linux kernel, the following vulnerability has been resolved:

crypto: pcrypt - Fix hungtask for PADATA_RESET

We found a hungtask bug in test_aead_vec_cfg as follows:

INFO: task cryptomgr_test:391009 blocked for more than 120 seconds. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. Call trace: __switch_to+0x98/0xe0 __schedule+0x6c4/0xf40 schedule+0xd8/0x1b4 schedule_timeout+0x474/0x560 wait_for_common+0x368/0x4e0 wait_for_completion+0x20/0x30 wait_for_completion+0x20/0x30 test_aead_vec_cfg+0xab4/0xd50 test_aead+0x144/0x1f0 alg_test_aead+0xd8/0x1e0 alg_test+0x634/0x890 cryptomgr_test+0x40/0x70 kthread+0x1e0/0x220 ret_from_fork+0x10/0x18 Kernel panic - not syncing: hung_task: blocked tasks

For padata_do_parallel, when the return err is 0 or -EBUSY, it will call wait_for_completion(&wait->completion) in test_aead_vec_cfg. In normal case, aead_request_complete() will be called in pcrypt_aead_serial and the return err is 0 for padata_do_parallel. But, when pinst->flags is PADATA_RESET, the return err is -EBUSY for padata_do_parallel, and it won't call aead_request_complete(). Therefore, test_aead_vec_cfg will hung at wait_for_completion(&wait->completion), which will cause hungtask.

The problem comes as following: (padata_do_parallel) | rcu_read_lock_bh(); | err = -EINVAL; | (padata_replace) | pinst->flags |= PADATA_RESET; err = -EBUSY | if (pinst->flags & PADATA_RESET) | rcu_read_unlock_bh() | return err

In order to resolve the problem, we replace the return err -EBUSY with -EAGAIN, which means parallel_data is changing, and the caller should call it again.

v3: remove retry and just change the return err. v2: introduce padata_try_do_parallel() in pcrypt_aead_encrypt and pcrypt_aead_decrypt to solve the hungtask.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 09/26/2025

The vulnerability CVE-2023-52813 resides within the Linux kernel's cryptographic subsystem, specifically in the pcrypt implementation which handles parallel cryptographic operations. This issue manifests as a hungtask condition that occurs during kernel testing of AEAD (Authenticated Encryption with Associated Data) algorithms, particularly when the test_aead_vec_cfg function attempts to process cryptographic requests using parallel data processing. The problem stems from an improper handling of the PADATA_RESET flag within the padata_do_parallel function, creating a deadlock scenario that prevents the system from progressing and ultimately results in a kernel panic due to the hung task detection mechanism.

The technical flaw occurs in the interaction between the padata_do_parallel function and the test_aead_vec_cfg testing framework. When padata_do_parallel encounters a situation where pinst->flags contains the PADATA_RESET bit, it returns -EBUSY instead of allowing the operation to retry. This return code causes the test_aead_vec_cfg function to invoke wait_for_completion() and wait indefinitely for a completion event that never occurs. The normal execution path would see aead_request_complete() called from pcrypt_aead_serial when the return code is 0, but with PADATA_RESET active, this completion never happens because the operation is essentially abandoned rather than retried. This creates a classic deadlock scenario where the kernel thread remains blocked indefinitely, triggering the hungtask detection and subsequent system panic.

The operational impact of this vulnerability is significant for systems running Linux kernels that utilize the pcrypt subsystem for parallel cryptographic processing. The hungtask condition can cause complete system hangs, particularly during cryptographic testing or when the system is under load with parallel cryptographic operations. This vulnerability affects the stability and reliability of cryptographic operations, potentially leading to denial of service conditions where legitimate cryptographic processing cannot proceed. The issue is particularly concerning in environments where kernel testing or cryptographic benchmarking is performed regularly, as it can cause test failures and system instability. The vulnerability is classified under CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization) and aligns with ATT&CK techniques related to system resource exhaustion and denial of service through kernel-level manipulation.

The resolution implemented addresses the root cause by changing the return value from -EBUSY to -EAGAIN when PADATA_RESET is detected, signaling to the caller that the parallel data structure is in a transitional state and should be retried. This approach follows the established pattern of using -EAGAIN to indicate that an operation should be attempted again, rather than creating a permanent deadlock condition. The fix eliminates the need for complex retry logic in the higher-level functions and provides a cleaner resolution that maintains system stability while preserving the intended functionality of the parallel cryptographic processing. This solution aligns with kernel best practices for handling transient resource states and ensures that the cryptographic subsystem remains responsive and functional under all operational conditions, preventing the hungtask conditions that could otherwise lead to system crashes or extended downtime.

Reservation

05/21/2024

Disclosure

05/21/2024

Moderation

accepted

CPE

ready

EPSS

0.00286

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!