
Cloud Vulnerability DB
A community-led vulnerabilities database
A vulnerability in the Linux kernel (CVE-2023-52993) was identified and resolved, involving the x86/i8259 legacy PIC interrupts. The issue was discovered when crash-kernel failures occurred approximately 50% of the time after triggering a crash. This vulnerability was publicly disclosed on March 27, 2025 (NVD).
The vulnerability stems from a NULL pointer dereference in the periodic tick code. The issue occurs because the legacy timer interrupt (IRQ0) is resent in software during soft interrupt (tasklet) context. In this context, get_irq_regs() returns NULL, leading to the NULL pointer dereference. The root cause was identified as a spurious APIC interrupt on the IRQ0 vector that triggers a resend when the legacy timer interrupt is enabled. The core issue was that legacy PIC interrupts, which are level triggered, were not properly marked with the IRQ_LEVEL flag, causing incorrect handling in the core code (NVD).
The vulnerability causes system instability and potential crashes, specifically affecting systems using legacy PIC interrupts. When triggered, it causes the crash-kernel to fail to boot approximately 50% of the time, impacting system reliability and availability (NVD).
The fix involves ensuring that IRQ_LEVEL is properly set when legacy PIC interrupts are set up. This correction prevents the incorrect software resend of level-triggered interrupts (NVD).
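The causal chain described above, as an added user-space model in C (not kernel code and not part of the original report). Only IRQ_LEVEL and get_irq_regs() are names from the report; every other name, and the flag's numeric value, is an assumption of the model.

```c
#include <stdbool.h>
#include <stdio.h>

#define IRQ_LEVEL 0x100u                 /* flag name from the report; value is part of this model */
struct pt_regs { unsigned long ip; };    /* stand-in for the saved CPU registers */
enum outcome { HANDLED, NULL_DEREF, NOT_RESENT };
static struct pt_regs *cur_regs;         /* models what get_irq_regs() returns */

/* Periodic tick code: needs the registers of the interrupted context. */
static enum outcome tick_handler(void)
{
    return cur_regs ? HANDLED : NULL_DEREF;   /* the kernel dereferences here */
}

/* Resend decision: a level-triggered line is left for the hardware to re-assert. */
static bool may_resend(unsigned int status)
{
    return !(status & IRQ_LEVEL);
}

/* Software resend runs in tasklet context, where no saved registers exist. */
static enum outcome resend_tasklet(void)
{
    cur_regs = NULL;
    return tick_handler();
}

/* Spurious interrupt on the IRQ0 vector, with the status flags IRQ0 was set up with. */
enum outcome spurious_irq0(unsigned int status)
{
    if (!may_resend(status))
        return NOT_RESENT;
    return resend_tasklet();
}

/* Genuine timer interrupt: hard interrupt context supplies saved registers. */
enum outcome hard_irq0(void)
{
    static struct pt_regs regs;
    cur_regs = &regs;
    return tick_handler();
}

int main(void)
{
    printf("%d %d %d\n", hard_irq0(), spurious_irq0(0), spurious_irq0(IRQ_LEVEL));
    return 0;
}
```

With the flag missing, the model reaches the tick handler with no registers; with IRQ_LEVEL set, the resend never happens.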
Source: This report was generated using AI