CVE-2023-53583 in Linux

Summary

by MITRE • 10/04/2025

In the Linux kernel, the following vulnerability has been resolved:

perf: RISC-V: Remove PERF_HES_STOPPED flag checking in riscv_pmu_start()

Since commit 096b52fd2bb4 ("perf: RISC-V: throttle perf events") the perf_sample_event_took() function was added to report time spent in overflow interrupts. If the interrupt takes too long, the perf framework will lower the sysctl_perf_event_sample_rate and max_samples_per_tick. When hwc->interrupts is larger than max_samples_per_tick, the hwc->interrupts will be set to MAX_INTERRUPTS, and events will be throttled within the __perf_event_account_interrupt() function.

However, the RISC-V PMU driver doesn't call riscv_pmu_stop() to update the PERF_HES_STOPPED flag after perf_event_overflow() in the pmu_sbi_ovf_handler() function to avoid throttling. When the perf framework unthrottles the event in the timer interrupt handler, it triggers the riscv_pmu_start() function and causes a WARN_ON_ONCE() warning, as shown below:

------------[ cut here ]------------
WARNING: CPU: 0 PID: 240 at drivers/perf/riscv_pmu.c:184 riscv_pmu_start+0x7c/0x8e
Modules linked in:
CPU: 0 PID: 240 Comm: ls Not tainted 6.4-rc4-g19d0788e9ef2 #1
Hardware name: SiFive (DT)
epc : riscv_pmu_start+0x7c/0x8e
 ra : riscv_pmu_start+0x28/0x8e
epc : ffffffff80aef864 ra : ffffffff80aef810 sp : ffff8f80004db6f0
 gp : ffffffff81c83750 tp : ffffaf80069f9bc0 t0 : ffff8f80004db6c0
 t1 : 0000000000000000 t2 : 000000000000001f s0 : ffff8f80004db720
 s1 : ffffaf8008ca1068 a0 : 0000ffffffffffff a1 : 0000000000000000
 a2 : 0000000000000001 a3 : 0000000000000870 a4 : 0000000000000000
 a5 : 0000000000000000 a6 : 0000000000000840 a7 : 0000000000000030
 s2 : 0000000000000000 s3 : ffffaf8005165800 s4 : ffffaf800424da00
 s5 : ffffffffffffffff s6 : ffffffff81cc7590 s7 : 0000000000000000
 s8 : 0000000000000006 s9 : 0000000000000001 s10: ffffaf807efbc340
 s11: ffffaf807efbbf00 t3 : ffffaf8006a16028 t4 : 00000000dbfbb796
 t5 : 0000000700000000 t6 : ffffaf8005269870
status: 0000000200000100 badaddr: 0000000000000000 cause: 0000000000000003
[<ffffffff80aef864>] riscv_pmu_start+0x7c/0x8e
[<ffffffff80185b56>] perf_adjust_freq_unthr_context+0x15e/0x174
[<ffffffff80188642>] perf_event_task_tick+0x88/0x9c
[<ffffffff800626a8>] scheduler_tick+0xfe/0x27c
[<ffffffff800b5640>] update_process_times+0x9a/0xba
[<ffffffff800c5bd4>] tick_sched_handle+0x32/0x66
[<ffffffff800c5e0c>] tick_sched_timer+0x64/0xb0
[<ffffffff800b5e50>] __hrtimer_run_queues+0x156/0x2f4
[<ffffffff800b6bdc>] hrtimer_interrupt+0xe2/0x1fe
[<ffffffff80acc9e8>] riscv_timer_interrupt+0x38/0x42
[<ffffffff80090a16>] handle_percpu_devid_irq+0x90/0x1d2
[<ffffffff8008a9f4>] generic_handle_domain_irq+0x28/0x36

After referring to other PMU drivers like Arm, Loongarch, Csky, and Mips, they don't call *_pmu_stop() to update the PERF_HES_STOPPED flag after the perf_event_overflow() function, nor do they add PERF_HES_STOPPED flag checking in *_pmu_start(), which doesn't cause this warning.

Thus, it's recommended to remove this unnecessary check in riscv_pmu_start() function to prevent this warning.


Analysis

by VulDB Data Team • 04/27/2026

The vulnerability described in CVE-2023-53583 affects the Linux kernel's performance monitoring unit implementation specifically on RISC-V architecture. This issue stems from an improper handling of the PERF_HES_STOPPED flag within the riscv_pmu_start() function, which leads to a kernel warning and potential performance degradation. The root cause lies in the interaction between the perf framework's throttling mechanism and the RISC-V PMU driver's interrupt handling logic.

The technical flaw manifests when the perf framework detects that interrupt processing time has exceeded acceptable thresholds, triggering automatic rate adjustment through the perf_sample_event_took() function. This mechanism lowers the sysctl_perf_event_sample_rate and max_samples_per_tick values to prevent system overload. However, the RISC-V PMU driver fails to properly update the PERF_HES_STOPPED flag after handling overflow interrupts in the pmu_sbi_ovf_handler() function. This omission causes the perf framework to incorrectly believe that events are still active when they should be stopped, leading to the WARN_ON_ONCE() warning during timer interrupt processing.

The operational impact of this vulnerability includes unnecessary kernel warnings that can clutter system logs and potentially mask more serious issues. The warning occurs specifically when the perf framework attempts to unthrottle events in the timer interrupt handler, which then triggers riscv_pmu_start() and causes the system to generate the warning message. This behavior can affect system stability and performance monitoring accuracy on RISC-V systems, particularly those running recent kernel versions where the problematic commit was introduced.

This vulnerability aligns with CWE-691, which covers inadequate protection of code against excessive resource consumption. The issue also relates to ATT&CK technique T1490, as it affects system stability through resource management issues. The recommended fix involves removing the unnecessary PERF_HES_STOPPED flag checking in the riscv_pmu_start() function, following the pattern established by other PMU drivers such as Arm, Loongarch, Csky, and Mips. This approach ensures consistency with the broader kernel ecosystem and prevents the spurious warning while maintaining proper event handling behavior. The solution addresses the fundamental mismatch between the perf framework's expectations and the RISC-V driver's implementation, bringing it in line with established patterns used across similar architectures.
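
The flag mismatch described above, as an added user-space model (not kernel source and not VulDB's or the kernel project's code). The flag names come from the advisory; the numeric values, the `model_*` names and the reduction of throttling to a single start call are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model only; not kernel source. Flag names come from the
 * advisory, the numeric values and model_* names are assumptions. */
#define PERF_HES_STOPPED  0x01
#define PERF_HES_UPTODATE 0x02

struct model_event {
    int state;     /* stands in for event->hw.state */
    int warnings;  /* times the start-side check fired */
};
typedef bool (*model_start_fn)(struct model_event *);

/* What an explicit stop call would do: mark the event stopped. */
static void model_stop(struct model_event *ev) {
    ev->state |= PERF_HES_STOPPED | PERF_HES_UPTODATE;
}

/* Before the fix: start bails out unless the event is marked stopped. */
static bool model_start_checked(struct model_event *ev) {
    if (!(ev->state & PERF_HES_STOPPED)) {
        ev->warnings++;  /* models the WARN_ON_ONCE() seen in the trace */
        return false;
    }
    ev->state = 0;
    return true;
}

/* After the fix: the PERF_HES_STOPPED check is removed. */
static bool model_start_unchecked(struct model_event *ev) {
    ev->state = 0;
    return true;
}

/* Overflow throttles the event without a stop call, so the state is left
 * untouched; the next timer tick then unthrottles by calling start. */
static bool model_throttle_cycle(struct model_event *ev, model_start_fn start) {
    return start(ev);
}

int main(void) {
    struct model_event a = {0, 0}, b = {0, 0}, c = {0, 0};
    bool ra = model_throttle_cycle(&a, model_start_checked);
    bool rb = model_throttle_cycle(&b, model_start_unchecked);
    model_stop(&c);  /* ordinary stop-then-start path still passes the check */
    bool rc = model_start_checked(&c);
    printf("checked, no stop:   restarted=%d warnings=%d\n", ra, a.warnings);
    printf("unchecked, no stop: restarted=%d warnings=%d\n", rb, b.warnings);
    printf("checked after stop: restarted=%d warnings=%d\n", rc, c.warnings);
    return 0;
}
```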

Responsible: Linux
Reservation: 10/04/2025
Disclosure: 10/04/2025
Moderation: accepted
CPE: ready
EPSS: 0.00141
KEV: no
Activities: very low
