CVE-2023-53593 Affecting libperf package, versions *
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-CENTOS9-LIBPERF-13385630
- published7 Oct 2025
- disclosed4 Oct 2025
Introduced: 4 Oct 2025
NewCVE-2023-53593 (opens in a new tab)How to fix?
There is no fixed version for Centos:9 libperf.
NVD Description
Note: Versions mentioned in the description apply only to the upstream libperf package and not the libperf package as distributed by Centos.
See How to fix? for Centos:9 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
cifs: Release folio lock on fscache read hit.
Under the current code, when cifs_readpage_worker is called, the call contract is that the callee should unlock the page. This is documented in the read_folio section of Documentation/filesystems/vfs.rst as:
> The filesystem should unlock the folio once the read has completed, > whether it was successful or not.
Without this change, when fscache is in use and cache hit occurs during a read, the page lock is leaked, producing the following stack on subsequent reads (via mmap) to the page:
$ cat /proc/3890/task/12864/stack [<0>] folio_wait_bit_common+0x124/0x350 [<0>] filemap_read_folio+0xad/0xf0 [<0>] filemap_fault+0x8b1/0xab0 [<0>] __do_fault+0x39/0x150 [<0>] do_fault+0x25c/0x3e0 [<0>] __handle_mm_fault+0x6ca/0xc70 [<0>] handle_mm_fault+0xe9/0x350 [<0>] do_user_addr_fault+0x225/0x6c0 [<0>] exc_page_fault+0x84/0x1b0 [<0>] asm_exc_page_fault+0x27/0x30
This requires a reboot to resolve; it is a deadlock.
Note however that the call to cifs_readpage_from_fscache does mark the page clean, but does not free the folio lock. This happens in __cifs_readpage_from_fscache on success. Releasing the lock at that point however is not appropriate as cifs_readahead also calls cifs_readpage_from_fscache and does unconditionally release the lock after its return. This change therefore effectively makes cifs_readpage_worker work like cifs_readahead.
References
- https://access.redhat.com/security/cve/CVE-2023-53593
- https://git.kernel.org/stable/c/4259dd534245579c966c53c15187cc8e9461d6e9
- https://git.kernel.org/stable/c/5a87735675147f848445f05fd1f06168188f91af
- https://git.kernel.org/stable/c/69513dd669e243928f7450893190915a88f84a2b
- https://git.kernel.org/stable/c/6e74926ede96470be84e66a1c576982fe4f8ea79
- https://git.kernel.org/stable/c/7a9fb689c1a1dc373887621a3bfa3810df0abde4
- https://git.kernel.org/stable/c/961f7ce16223aee2db583a43877d84e6d1f2b857
- https://git.kernel.org/stable/c/9e725386d4262ef23ae51993f04602bc535b5be2
- https://git.kernel.org/stable/c/c3ac8323f2f5b50e32681c254b8318f7fa2dc3f4