{"id":"CVE-2023-53281","summary":"drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler()\n\nCommit 041879b12ddb (\"drivers: staging: rtl8192bs: Fix deadlock in\nrtw_joinbss_event_prehandle()\") besides fixing the deadlock also\nmodified _rtw_join_timeout_handler() to use spin_[un]lock_irq()\ninstead of spin_[un]lock_bh().\n\n_rtw_join_timeout_handler() calls rtw_do_join() which takes\npmlmepriv-\u003escanned_queue.lock using spin_[un]lock_bh(). This\nspin_unlock_bh() call re-enables softirqs which triggers an oops in\nkernel/softirq.c: __local_bh_enable_ip() when it calls\nlockdep_assert_irqs_enabled():\n\n[  244.506087] WARNING: CPU: 2 PID: 0 at kernel/softirq.c:376 __local_bh_enable_ip+0xa6/0x100\n...\n[  244.509022] Call Trace:\n[  244.509048]  \u003cIRQ\u003e\n[  244.509100]  _rtw_join_timeout_handler+0x134/0x170 [r8723bs]\n[  244.509468]  ? __pfx__rtw_join_timeout_handler+0x10/0x10 [r8723bs]\n[  244.509772]  ? __pfx__rtw_join_timeout_handler+0x10/0x10 [r8723bs]\n[  244.510076]  call_timer_fn+0x95/0x2a0\n[  244.510200]  __run_timers.part.0+0x1da/0x2d0\n\nThis oops is causd by the switch to spin_[un]lock_irq() which disables\nthe IRQs for the entire duration of _rtw_join_timeout_handler().\n\nDisabling the IRQs is not necessary since all code taking this lock\nruns from either user contexts or from softirqs, switch back to\nspin_[un]lock_bh() to fix this.","modified":"2026-04-02T09:43:56.056643Z","published":"2025-09-16T08:11:15.364Z","related":["SUSE-SU-2025:03615-1","SUSE-SU-2025:03628-1","SUSE-SU-2025:3716-1","SUSE-SU-2025:3761-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53281.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/209850f17717a3b5cc558578bef5631ac7045539"},{"type":"WEB","url":"https://git.kernel.org/stable/c/215792eda008f6a1e7ed9d77fa20d582d22bb114"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2a50e44a66d268ee5db3d177f1fdc1503dbce6e7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4ab1bace1dd3875371b481ef4301c4671bddea22"},{"type":"WEB","url":"https://git.kernel.org/stable/c/dc327e87c6d9bfd9ee08e76396b3c0ba848ec554"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53281.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53281"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"ae60744d5fad840b9d056d35b4b652d95e755846"},{"fixed":"209850f17717a3b5cc558578bef5631ac7045539"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"041879b12ddb0c6c83ed9c0bdd10dc82a056f2fc"},{"fixed":"2a50e44a66d268ee5db3d177f1fdc1503dbce6e7"},{"fixed":"dc327e87c6d9bfd9ee08e76396b3c0ba848ec554"},{"fixed":"4ab1bace1dd3875371b481ef4301c4671bddea22"},{"fixed":"215792eda008f6a1e7ed9d77fa20d582d22bb114"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"1f6c99b94ca3caad346876b3e22e3ca3d25bc8ee"},{"last_affected":"eca9748d9267a38d532464e3305a38629e9c35a9"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53281.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}