Linux Kernel up to 6.1.52/6.4.15/6.5.2 lib/debugobjects.c destroy_work_on_stack state issue
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.4 | $0-$5k | 0.00 |
Summary
A vulnerability marked as critical has been reported in Linux Kernel up to 6.1.52/6.4.15/6.5.2. This vulnerability affects the function destroy_work_on_stack in the library lib/debugobjects.c. Performing a manipulation results in state issue.
This vulnerability is cataloged as CVE-2023-54235. There is no exploit available.
It is suggested to upgrade the affected component.
Details
A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.52/6.4.15/6.5.2. This affects the function destroy_work_on_stack in the library lib/debugobjects.c. The manipulation with an unknown input leads to a state issue vulnerability. CWE is classifying the issue as CWE-371. The impact remains unknown. The summary by CVE is:
In the Linux kernel, the following vulnerability has been resolved: PCI/DOE: Fix destroy_work_on_stack() race The following debug object splat was observed in testing: ODEBUG: free active (active state 0) object: 0000000097d23782 object type: work_struct hint: doe_statemachine_work+0x0/0x510 WARNING: CPU: 1 PID: 71 at lib/debugobjects.c:514 debug_print_object+0x7d/0xb0 ... Workqueue: pci 0000:36:00.0 DOE [1 doe_statemachine_work RIP: 0010:debug_print_object+0x7d/0xb0 ... Call Trace: ? debug_print_object+0x7d/0xb0 ? __pfx_doe_statemachine_work+0x10/0x10 debug_object_free.part.0+0x11b/0x150 doe_statemachine_work+0x45e/0x510 process_one_work+0x1d4/0x3c0 This occurs because destroy_work_on_stack() was called after signaling the completion in the calling thread. This creates a race between destroy_work_on_stack() and the task->work struct going out of scope in pci_doe(). Signal the work complete after destroying the work struct. This is safe because signal_task_complete() is the final thing the work item does and the workqueue code is careful not to access the work struct after.
It is possible to read the advisory at git.kernel.org. This vulnerability is uniquely identified as CVE-2023-54235 since 12/30/2025. The exploitability is told to be difficult. Technical details of the vulnerability are known, but there is no available exploit. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 04/27/2026).
Upgrading to version 6.1.53, 6.4.16 or 6.5.3 eliminates this vulnerability. Applying the patch d96799ee3b78962c80e4b6653734f488f999ca09/c4f9c0a3a6df143f2e1092823b7fa9e07d6ab57f/19cf3ba16dcc2ef059dcf010072d4f96d76486e0/e3a3a097eaebaf234a482b4d2f9f18fe989208c1 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.
The vulnerability is also documented in the vulnerability database at CERT Bund (WID-SEC-2025-2941). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Affected
- Debian Linux
- Amazon Linux 2
- IBM Power Hardware Management Console
- Red Hat Enterprise Linux
- Ubuntu Linux
- SUSE Linux
- Oracle Linux
- Open Source Linux Kernel
- RESF Rocky Linux
- IBM DataPower Gateway
Product
Type
Vendor
Name
Version
- 6.1.0
- 6.1.1
- 6.1.2
- 6.1.3
- 6.1.4
- 6.1.5
- 6.1.6
- 6.1.7
- 6.1.8
- 6.1.9
- 6.1.10
- 6.1.11
- 6.1.12
- 6.1.13
- 6.1.14
- 6.1.15
- 6.1.16
- 6.1.17
- 6.1.18
- 6.1.19
- 6.1.20
- 6.1.21
- 6.1.22
- 6.1.23
- 6.1.24
- 6.1.25
- 6.1.26
- 6.1.27
- 6.1.28
- 6.1.29
- 6.1.30
- 6.1.31
- 6.1.32
- 6.1.33
- 6.1.34
- 6.1.35
- 6.1.36
- 6.1.37
- 6.1.38
- 6.1.39
- 6.1.40
- 6.1.41
- 6.1.42
- 6.1.43
- 6.1.44
- 6.1.45
- 6.1.46
- 6.1.47
- 6.1.48
- 6.1.49
- 6.1.50
- 6.1.51
- 6.1.52
- 6.4.0
- 6.4.1
- 6.4.2
- 6.4.3
- 6.4.4
- 6.4.5
- 6.4.6
- 6.4.7
- 6.4.8
- 6.4.9
- 6.4.10
- 6.4.11
- 6.4.12
- 6.4.13
- 6.4.14
- 6.4.15
- 6.5.0
- 6.5.1
- 6.5.2
License
Website
- Vendor: https://www.kernel.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔒VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.6VulDB Meta Temp Score: 4.4
VulDB Base Score: 4.6
VulDB Temp Score: 4.4
VulDB Vector: 🔒
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploiting
Class: State issueCWE: CWE-371
CAPEC: 🔒
ATT&CK: 🔒
Physical: No
Local: No
Remote: Partially
Availability: 🔒
Status: Not defined
EPSS Score: 🔒
EPSS Percentile: 🔒
Price Prediction: 🔍
Current Price Estimation: 🔒
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔒
Upgrade: Kernel 6.1.53/6.4.16/6.5.3
Patch: d96799ee3b78962c80e4b6653734f488f999ca09/c4f9c0a3a6df143f2e1092823b7fa9e07d6ab57f/19cf3ba16dcc2ef059dcf010072d4f96d76486e0/e3a3a097eaebaf234a482b4d2f9f18fe989208c1
Timeline
12/30/2025 Advisory disclosed12/30/2025 CVE reserved
12/30/2025 VulDB entry created
04/27/2026 VulDB entry last update
Sources
Vendor: kernel.orgAdvisory: git.kernel.org
Status: Confirmed
CVE: CVE-2023-54235 (🔒)
GCVE (CVE): GCVE-0-2023-54235
GCVE (VulDB): GCVE-100-338979
CERT Bund: WID-SEC-2025-2941 - Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service
Entry
Created: 12/30/2025 16:50Updated: 04/27/2026 00:10
Changes: 12/30/2025 16:50 (59), 01/01/2026 11:47 (7), 04/27/2026 00:10 (1)
Complete: 🔍
Cache ID: 216::103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.