Incorrect Synchronization Affecting perf-debuginfo package, versions <0:6.1.34-56.100.amzn2023
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-AMZN2023-PERFDEBUGINFO-15315123
- published19 Feb 2026
- disclosed24 Dec 2025
Introduced: 24 Dec 2025
CVE-2023-54086 (opens in a new tab)How to fix?
Upgrade Amazon-Linux:2023 perf-debuginfo to version 0:6.1.34-56.100.amzn2023 or higher.
This issue was patched in ALAS2023-2023-228.
NVD Description
Note: Versions mentioned in the description apply only to the upstream perf-debuginfo package and not the perf-debuginfo package as distributed by Amazon-Linux.
See How to fix? for Amazon-Linux:2023 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
bpf: Add preempt_count_{sub,add} into btf id deny list
The recursion check in __bpf_prog_enter* and _bpf_prog_exit* leave preempt_count{sub,add} unprotected. When attaching trampoline to them we get panic as follows,
[ 867.843050] BUG: TASK stack guard page was hit at 0000000009d325cf (stack is 0000000046a46a15..00000000537e7b28) [ 867.843064] stack guard page: 0000 [#1] PREEMPT SMP NOPTI [ 867.843067] CPU: 8 PID: 11009 Comm: trace Kdump: loaded Not tainted 6.2.0+ #4 [ 867.843100] Call Trace: [ 867.843101] <TASK> [ 867.843104] asm_exc_int3+0x3a/0x40 [ 867.843108] RIP: 0010:preempt_count_sub+0x1/0xa0 [ 867.843135] __bpf_prog_enter_recur+0x17/0x90 [ 867.843148] bpf_trampoline_6442468108_0+0x2e/0x1000 [ 867.843154] ? preempt_count_sub+0x1/0xa0 [ 867.843157] preempt_count_sub+0x5/0xa0 [ 867.843159] ? migrate_enable+0xac/0xf0 [ 867.843164] __bpf_prog_exit_recur+0x2d/0x40 [ 867.843168] bpf_trampoline_6442468108_0+0x55/0x1000 ... [ 867.843788] preempt_count_sub+0x5/0xa0 [ 867.843793] ? migrate_enable+0xac/0xf0 [ 867.843829] __bpf_prog_exit_recur+0x2d/0x40 [ 867.843837] BUG: IRQ stack guard page was hit at 0000000099bd8228 (stack is 00000000b23e2bc4..000000006d95af35) [ 867.843841] BUG: IRQ stack guard page was hit at 000000005ae07924 (stack is 00000000ffd69623..0000000014eb594c) [ 867.843843] BUG: IRQ stack guard page was hit at 00000000028320f0 (stack is 00000000034b6438..0000000078d1bcec) [ 867.843842] bpf_trampoline_6442468108_0+0x55/0x1000 ...
That is because in _bpf_prog_exit_recur, the preempt_count{sub,add} are called after prog->active is decreased.
Fixing this by adding these two functions into btf ids deny list.
References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-54086
- https://git.kernel.org/stable/c/095018267c87b8bfbbb12eeb1c0ebf2359e1782c
- https://git.kernel.org/stable/c/60039bf72f81638baa28652a11a68e9b0b7b5b2d
- https://git.kernel.org/stable/c/b9168d41b83d182f34ba927ee822edaee18d5fc8
- https://git.kernel.org/stable/c/c11bd046485d7bf1ca200db0e7d0bdc4bafdd395